Re: [Rats] New RATS
Laurence Lundblade <lgl@island-resort.com> Wed, 01 June 2022 16:36 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1133C157903 for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 09:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWMN3hpQZNFa for <rats@ietfa.amsl.com>; Wed, 1 Jun 2022 09:36:26 -0700 (PDT)
Received: from p3plsmtpa09-02.prod.phx3.secureserver.net (p3plsmtpa09-02.prod.phx3.secureserver.net [173.201.193.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79360C157902 for <rats@ietf.org>; Wed, 1 Jun 2022 09:36:07 -0700 (PDT)
Received: from [192.168.1.9] ([136.26.72.24]) by :SMTPAUTH: with ESMTPSA id wRKGnmfWfgzaGwRKHnYTfd; Wed, 01 Jun 2022 09:36:05 -0700
X-CMAE-Analysis: v=2.4 cv=ZYzYiuZA c=1 sm=1 tr=0 ts=62979575 a=isZxWFVFvZU5yhuWepzqFA==:117 a=isZxWFVFvZU5yhuWepzqFA==:17 a=7CQSdrXTAAAA:8 a=pr1HfGhUogk4raJJ_nMA:9 a=QEXdDO2ut3YA:10 a=m8vEag3t4z_BcEor7SoA:9 a=5xsdbD90Ot-MlIO-:21 a=_W_S_7VecoQA:10 a=a-qgeE7W1pNrGK8U0ZQC:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <907C07B1-0143-4F0F-B8E7-624ABE8B4076@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F298140B-346E-4BBD-AB52-5C2A9B288312"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Wed, 01 Jun 2022 09:36:04 -0700
In-Reply-To: <AS8PR08MB6392C365BB06F62FA8A087D0EFDF9@AS8PR08MB6392.eurprd08.prod.outlook.com>
Cc: "Smith, Ned" <ned.smith@intel.com>, "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
To: Simon Frost <Simon.Frost@arm.com>
References: <AS8PR08MB6392C7D0CC195B30CBC789CBEFDD9@AS8PR08MB6392.eurprd08.prod.outlook.com> <974C4ABC-20AC-4858-AEEA-5822ABA0DD78@intel.com> <AS8PR08MB6392C365BB06F62FA8A087D0EFDF9@AS8PR08MB6392.eurprd08.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-CMAE-Envelope: MS4xfJwOApvoUo6lQFanr9F7QaEeEdz/q2lShHJKSgLseiZKnAgt9TqwQkeCZ1qUB5dhFgC7iSnaQfqoa8jagfNGA9pWIYW3FbreXFy5ZqlfUKPwdlgKI7ZG kKqzxbZ0OwYbDaUHJURAMCYFOG9yEXHtd2DOdYsbrjez5YqlL8E1uphPGfL5mzonY2EZ0iueKbzcYCJpHNsxZrnFV232z7+fGp6hDZUhQkIko7apC3+GD36N OYxFEuh2iOx73Dgw9ZbIWCH+b/FuwmM+90ufvApEReE=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dk0VhDxL4EcB52OLg9MrR3ZqB0s>
Subject: Re: [Rats] New RATS
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2022 16:36:27 -0000
> On Jun 1, 2022, at 12:35 AM, Simon Frost <Simon.Frost@arm.com> wrote: > > > Should a $$EAT-CBOR-Tagged-Token or $$EAT-CBOR-Untagged-Token be signed for integrity protection – for example using COSE/JOSE? > I’m not sure I fully understand the question, but I don’t think that all tokens require a top level signer, for reasons expressed in this doc (and in UCCS). We already have a means for signing a collection of tokens — it’s a top-level token with a submod section that has signed tokens in it. The top-level signing token can be very simple, perhaps one a nonce claim and the submods section. It is also has the correct and proper fan out to any type of token. For example the top-level token could be JWT and sign a a CWT and UJCS. Or the top-level token could be a UCCS and include a CWT and JWT, correctly relying on the transport security that UCCS and UJCS were created to take advantage of. (I think collections may not have a lot of these features; still reviewing) LL
- [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Carl Wallace
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Smith, Ned
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Laurence Lundblade
- Re: [Rats] New RATS Henk Birkholz
- Re: [Rats] New RATS Smith, Ned
- Re: [Rats] New RATS Simon Frost
- Re: [Rats] New RATS Thomas Fossati
- [Rats] Collection binding (was Re: New RATS) Laurence Lundblade
- [Rats] Mixed format token collections (was Re: Ne… Laurence Lundblade
- Re: [Rats] Collection binding (was Re: New RATS) Simon Frost
- Re: [Rats] Mixed format token collections (was Re… Simon Frost
- Re: [Rats] Mixed format token collections (was Re… Laurence Lundblade
- Re: [Rats] Collection binding (was Re: New RATS) Laurence Lundblade