Re: [Rats] New RATS

Simon Frost <Simon.Frost@arm.com> Thu, 02 June 2022 00:05 UTC

From: Simon Frost <Simon.Frost@arm.com>
To: "Smith, Ned" <ned.smith@intel.com>, "rats@ietf.org" <rats@ietf.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>
Date: Thu, 02 Jun 2022 00:04:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/wImhfZYgZfmvoULW3aRYzCR0CJQ>

> I was looking for a definitive starting point for a signed / unsigned object that contains Evidence. It’s OK to say it is a $$EAT-CBOR-[Un]Tagged-Token, but this is an extensibility socket that could be extended to something else (hence isn’t the concrete starting point). If COSE/JOSE is the starting point, then I at least know where to put the Tagged-Collection payload if it should be signed.
Following through my use cases / rationale (per doc) for proposing the collection, I don’t think there is a need for a signed Collection. A top level signed object is already covered by COSE/JOSE.

> It seems there should be conventions for how to extend at a top level socket? For example, MUST/MUST NOT an extension begin with a CBOR global tag and MUST there be a registered content type definition? And should global tagging disambiguate the content that is intended to be used as Evidence (or some other conceptual message type envisaged by the RATS Architecture)?
It would be a sensible rule that a top level socket extension MUST start with a global tag & be relatable to an expected content type (provided that doesn’t complicate the identification of the normal CWT/JWT use case). This should only be a precursor to subsequent access to evidence claim set(s).

> Not sure requiring collections to start with 2 entries makes sense since a parser that supports collections can already support singletons vs. having to find a singleton-only parser.
Agreed, that was a miss in the original draft. Carl Wallace also pointed out a clear use case for not limiting to 2+. The next draft would remove that limitation.

Thanks
Simon
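As an added example (not the draft's code, nor anything Simon or Ned posted), here is a minimal CBOR subset and a top-level check that applies the two rules settled above: a top-level socket extension starts with a global tag, and a collection may hold a single entry rather than requiring 2+. The collection tag number, the byte-string token bodies and the sample entries are assumptions; the CWT (61) and COSE_Sign1 (18) tag numbers are the registered ones.

```python
CWT_TAG = 61           # CBOR tag for a CWT (RFC 8392)
COSE_SIGN1_TAG = 18    # CBOR tag for COSE_Sign1 (RFC 9052)
COLLECTION_TAG = 200   # PLACEHOLDER: the draft's real tag number is not on this page

def _head(major, n):
    """CBOR initial byte plus argument; this subset handles n < 256 only."""
    return bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])

def enc_bytes(b):      # opaque token body (constructed stand-in for COSE/CWT content)
    return _head(2, len(b)) + b

def enc_array(items):  # collection entries
    return _head(4, len(items)) + b"".join(items)

def enc_tag(tag, item):  # global tag wrapping one item
    return _head(6, tag) + item

def _decode(buf, i):
    """Decode one item at offset i; returns (value, next offset)."""
    major, ai = buf[i] >> 5, buf[i] & 0x1F
    i += 1
    if ai < 24:
        n = ai
    elif ai == 24:
        n, i = buf[i], i + 1
    else:
        raise ValueError("argument size not supported by this subset")
    if major == 2:
        return buf[i:i + n], i + n
    if major == 4:
        items = []
        for _ in range(n):
            v, i = _decode(buf, i)
            items.append(v)
        return items, i
    if major == 6:
        v, i = _decode(buf, i)
        return ("tag", n, v), i
    raise ValueError("major type %d not supported by this subset" % major)

def parse_top_level(buf):
    """Rules from the thread: the top-level object MUST start with a global
    tag, and a collection may hold a single entry (no 2+ minimum)."""
    v, end = _decode(buf, 0)
    if end != len(buf) or not (isinstance(v, tuple) and v[0] == "tag"):
        raise ValueError("top-level object is not a single tagged item")
    _, tag, inner = v
    if tag != COLLECTION_TAG:
        return ("token", tag)           # a plain tagged token, e.g. CWT or COSE_Sign1
    if not isinstance(inner, list) or not inner:
        raise ValueError("collection must be a non-empty array")
    if not all(isinstance(e, tuple) and e[0] == "tag" for e in inner):
        raise ValueError("every collection entry must be a tagged token")
    return ("collection", [e[1] for e in inner])
```

An untagged top-level array is rejected even when every entry inside it is a tagged token, which is the content-type disambiguation the rule is meant to give a verifier.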


From: Simon Frost <Simon.Frost@arm.com>
Date: Wednesday, June 1, 2022 at 12:36 AM
To: "Smith, Ned" <ned.smith@intel.com>, "rats@ietf.org" <rats@ietf.org>
Cc: Thomas Fossati <Thomas.Fossati@arm.com>
Subject: RE: [Rats] New RATS

Ned
> The RATS Arch doesn’t use the term ‘Attestee’…
That’s a typo, thanks for pointing it out, I’ll change it to Attester.

> I didn’t see a reference to DEB objects. Could that be included?
DEB objects are included, but not deeply discussed because I’ve not really seen a use case for them yet. There is a reference to DEBs as collection entries both in the text and the CDDL.


> Should a $$EAT-CBOR-Tagged-Token or $$EAT-CBOR-Untagged-Token be signed for integrity protection – for example using COSE/JOSE?

I’m not sure I fully understand the question, but I don’t think that all tokens require a top level signer, for reasons expressed in this doc (and in UCCS).



Thanks for the review

Simon

From: Smith, Ned <ned.smith@intel.com>
Sent: 31 May 2022 18:18
To: Simon Frost <Simon.Frost@arm.com>; rats@ietf.org
Cc: Thomas Fossati <Thomas.Fossati@arm.com>
Subject: Re: [Rats] New RATS

Simon,
A couple of comments. The RATS Arch doesn’t use the term ‘Attestee’. Would it be appropriate to use ‘Attester’ or possibly ‘Target Environment’ if the objective is to refer to the environment (object) from which claims are collected by an ‘Attesting Environment’?

I didn’t see a reference to DEB objects. Could that be included?


Should a $$EAT-CBOR-Tagged-Token or $$EAT-CBOR-Untagged-Token be signed for integrity protection – for example using COSE/JOSE?



Thanks,

Ned


From: RATS <rats-bounces@ietf.org> on behalf of Simon Frost <Simon.Frost@arm.com>
Date: Monday, May 30, 2022 at 4:34 AM
To: "rats@ietf.org" <rats@ietf.org>
Cc: Thomas Fossati <Thomas.Fossati@arm.com>
Subject: [Rats] New RATS

FYI. I’ve just submitted a new draft for a proposed extension to the top level object in EAT.

There’s a full justification in the doc, but as a quick summary, there are difficulties in creating a top level ‘envelope’ object for a multi-token system while remaining compatible with EAT. Given the recent move to fix the list of top level objects but embrace extensions, this approach seems to be an appropriate proposal.

See: https://datatracker.ietf.org/doc/draft-frost-rats-eat-collection/ & https://github.com/SimonFrost-Arm/draft-frost-rats-eat-collection

Thanks
Simon

Simon Frost
Senior Principal Systems Solution Architect, ATG, Arm
Mob: +44 7855 265691

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.