[Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
Henk Birkholz <henk.birkholz@ietf.contact> Thu, 23 May 2024 19:51 UTC
Return-Path: <henk.birkholz@ietf.contact>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C64EC14CF13 for <rats@ietfa.amsl.com>; Thu, 23 May 2024 12:51:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.23
X-Spam-Level:
X-Spam-Status: No, score=-10.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-3.135, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ietf.contact
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jpUaNeqpNa81 for <rats@ietfa.amsl.com>; Thu, 23 May 2024 12:51:37 -0700 (PDT)
Received: from smtp04-ext3.udag.de (smtp04-ext3.udag.de [62.146.106.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47DEEC14CF17 for <rats@ietf.org>; Thu, 23 May 2024 12:51:37 -0700 (PDT)
Received: from [192.168.16.50] (p4fea7571.dip0.t-ipconnect.de [79.234.117.113]) by smtp04-ext3.udag.de (Postfix) with ESMTPA id B3868E035C; Thu, 23 May 2024 21:51:31 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ietf.contact; s=uddkim-202310; t=1716493892; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4ShJcGrRf/Qb4cGiObxPUkDupdOyYYezTgE9gK+3PgI=; b=vyl93CUhb0ffsI2hTID1W7des+uKEDoM42JcZDtJ6JBgbZfxbfTJAp7Cl7mTTNUJXwd6l3 IF3/YgGgukJEnHCvKBpgRP08Mo0/ssCmhmo5NdkI02HpRc3Q9YrZVguVtrWpwJXyG/W6m2 yRLozizOsNn//JIDNxE3EhUR6EbjyhCqe+s8cOfXpQNaRPmsjtfS9+d9Z6hpwKrpX3u5U+ hLevazGbQvttkeHCZNR7mgBganAa2gFtCZUSm++vaNNZ966m+2fJNXLx2/W9Jrknn+VITf 5vABiE3zGU8UH7clk92XyUSG/Qcw3ww4ac15rmkYMeA7GD4PWe2D1fwCzDhbzw==
Message-ID: <01444c87-9589-7b68-dfb1-53469be010af@ietf.contact>
Date: Thu, 23 May 2024 21:51:31 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: Roman Danyliw <rdd@cert.org>, "rats@ietf.org" <rats@ietf.org>
References: <PH1P110MB1116C5BE031039613AA69302DC2DA@PH1P110MB1116.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107A8114018462D5FD275A8DCF4A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <BN2P110MB1107A8114018462D5FD275A8DCF4A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp04-ext3.udag.de; auth=pass smtp.auth=henk.birkholz@ietf.contact smtp.mailfrom=henk.birkholz@ietf.contact
Message-ID-Hash: BVE6U5LC74GNRTZS4QF5M7GLD633DDI5
X-Message-ID-Hash: BVE6U5LC74GNRTZS4QF5M7GLD633DDI5
X-MailFrom: henk.birkholz@ietf.contact
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Rats] Re: AD follow-up review of draft-ietf-rats-uccs-09
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Roman! Just did some other WGLC items. But after a period where a bunch of authors were on and off PTO, I am currently carefully optimistic to compose feedback starting next week. Viele Grüße, Henk On 23.05.24 14:53, Roman Danyliw wrote: > Hi! > > I'm checking on the next steps on draft-ietf-rats-uccs. Could the feedback below please be addressed. > > Roman > >> -----Original Message----- >> From: Roman Danyliw >> Sent: Monday, March 18, 2024 7:49 PM >> To: rats@ietf.org >> Subject: AD follow-up review of draft-ietf-rats-uccs-09 >> >> Hi! >> >> I previously performed an AD review on draft-ietf-rats-uccs-08. See >> https://mailarchive.ietf.org/arch/msg/rats/HU2eIC7AevBSBHGk5tqXSR8wMco/. >> Thanks for -09. For ease of tracking issues, this new email summaries the >> remaining issues from AD Review. >> >> >> ** Section 6. >> The security >> considerations of [RFC8392] need to be applied analogously, replacing >> the function of COSE with that of the Secure Channel. >> >> [per -08] >> If all of the Security Considerations of RFC8392 apply, then there is an >> authenticity requirement for the Secure Channel. RFC8392 says “it is not only >> important to protect the CWT in transit but also to ensure that the recipient >> can authenticate the party that assembled the claims and created the CWT.” >> >> [per -08] the Privacy Preserving channel of Section 4.3 (Section 5.3 in -09) >> seems to explicitly suggest that there “receiver cannot correlate the message >> with the senders of other received UCCS messages “ which seems to be the >> opposite of authenticity. >> >> [response] >>> The objective of 4.3 (now 5.2) is to discuss how authenticity does not >>> necessarily lead to linkability. >>> It does not relax the authenticity requirement. >>> (E.g., DAA replaces the attester key with a group key, and something >>> similar could be a use case for secure channels as well.) >> >> [Roman] Can this nuance please be explained in the prose. This seems to be a >> very different situation than authenticity in the CWT sense. >> >> >> ** Appendix A. Excuse my rough understanding of CDDL. >> >> -- [per -08] My read of this CDDL is that there is JSON hooks included with the >> JC<> construct. This JSON binding isn’t explained any place else. >> >>> Yes. >>> Parts about JSON bindings do not use normative language, because UCCS >>> is about CBOR claim sets. >>> This CDDL is designed to be useful in a mixed environment, based on >>> requirements from EAT. >> >> I don’t understand. This CDDL in Appendix A is normative, and so is the >> flexibility in its design to support JSON. Otherwise, it would be “C< ...>” and >> not “JC<...>”. I don’t take exception with providing a JSON binding but please >> explain this in the prose and in the introduction.. >> >> Roman > _______________________________________________ > RATS mailing list -- rats@ietf.org > To unsubscribe send an email to rats-leave@ietf.org
- [Rats] AD follow-up review of draft-ietf-rats-ucc… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Roman Danyliw
- [Rats] Re: AD follow-up review of draft-ietf-rats… Henk Birkholz
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] UCCS and EAT media types (was: Re: Re: AD … Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Orie Steele
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Henk Birkholz
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Thomas Fossati
- [Rats] Re: UCCS and EAT media types (was: Re: Re:… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Carsten Bormann
- [Rats] Re: AD follow-up review of draft-ietf-rats… Kathleen Moriarty