[Rats] EAT Profiles
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 14 September 2022 15:02 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6945C152718 for <rats@ietfa.amsl.com>; Wed, 14 Sep 2022 08:02:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.57
X-Spam-Level:
X-Spam-Status: No, score=-0.57 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_24_48=1.34, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZlJEi3PCkOM for <rats@ietfa.amsl.com>; Wed, 14 Sep 2022 08:02:56 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00:e000:2bb::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15B1CC14CE43 for <rats@ietf.org>; Wed, 14 Sep 2022 08:02:23 -0700 (PDT)
Received: from dooku.sandelman.ca (dynamic-046-114-142-078.46.114.pool.telefonica.de [46.114.142.78]) by relay.sandelman.ca (Postfix) with ESMTPS id 492A91F4D6 for <rats@ietf.org>; Wed, 14 Sep 2022 14:52:26 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id AFBD11A029E; Mon, 12 Sep 2022 23:59:14 +0200 (CEST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: rats@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 12 Sep 2022 23:59:14 +0200
Message-ID: <71934.1663019954@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fccVV9DWxFeLIwezKREa_2n93Pw>
Subject: [Rats] EAT Profiles
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2022 15:03:00 -0000
I read through the EAT profile for TEEP. Dave posted the link at: https://www.ietf.org/archive/id/draft-ietf-teep-protocol-10.html#name-eat-profile let me reproduce some of it: > profile-label: The profile-label for this specification is the URI > https://datatracker.ietf.org/doc/html/draft-ietf-teep-protocol-10. (RFC-editor: > upon RFC publication, replace string with > "https://www.rfc-editor.org/info/rfcXXXX" where XXXX is the RFC number of > this document.) First, this really feels wrong to use a string here for a constrained object. My first suggestion is that it be FCFS registry. Second, the next bunch of items: > Use of JSON, CBOR, or both: CBOR only. > CBOR Map and Array Encoding: Only definite length arrays and maps. > CBOR String Encoding: Only definite-length strings are allowed. > CBOR Preferred Serialization: Encoders must use preferred serialization, > and decoders need not accept non-preferred serialization. > COSE/JOSE Protection: See Section 8. > Detached EAT Bundle Support: DEB use is permitted. > Verification Key Identification: COSE Key ID (kid) is used, where the key > ID is the hash of a public key (where the public key may be used as a raw > public key, or in a certificate). > CBOR Tags: CBOR Tags are not used. I really don't like the EAT has not made a clear judgement on these things already. I'd really really like EAT to be far more opinionated. The above list looks like it will be 95% of CBOR-based EAT "profiles" Could EAT just write this down, and give it a name? That way, we can well tested libraries that do the right thing here. I think that really this is where Eliot is coming from. EAT is all a la carte, and we are asking for a coordinated, three course set-menu. (Please pair the wine with the fish.) > Endorsement Identification: Optional, but semantics are the same as in > Verification Key Identification. I guess I have to read more about what this means, as told me nothing :-) > Freshness: See Section 9. It's totally reasonable that TEEP would have some specific freshness requirements. > Required Claims: None. > Prohibited Claims: None. > Additional Claims: Optional claims are those listed in Section 4.3.1. This totally surprises me. Are you saying that it's okay for TEEP evidence to have *NO CLAIMS*? Surely that can't be right. If there was anything I expected to see in a profile it would be a list of required claims. > Refined Claim Definition: None. This is part of what worries me. There should never be any semantics changes between profiles for claims. > Manifests and Software Evidence Claims: The sw-name claim for a Trusted > Component holds the URI of the SUIT manifest for that component. okay, this is actually important. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Laurence Lundblade
- Re: [Rats] EAT Profiles Laurence Lundblade
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Laurence Lundblade
- [Rats] EAT Claim Constraining (was Re: EAT Profil… Laurence Lundblade
- [Rats] Why variability is needed (Re: EAT Profile… Laurence Lundblade
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] Why variability is needed (Re: EAT Pro… Michael Richardson
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Henk Birkholz
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Hannes Tschofenig
- Re: [Rats] EAT Profiles Carl Wallace
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Thomas Fossati
- Re: [Rats] EAT Profiles Smith, Ned
- Re: [Rats] EAT Profiles Michael Richardson
- Re: [Rats] EAT Profiles Henk Birkholz
- Re: [Rats] EAT Profiles Carl Wallace
- Re: [Rats] Why variability is needed (Re: EAT Pro… Smith, Ned
- Re: [Rats] EAT Profiles Thomas Fossati
- [Rats] Profile identifier (was Re: EAT Profiles) Laurence Lundblade
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] Profile identifier (was Re: EAT Profil… Russ Housley
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Henk Birkholz
- Re: [Rats] Profile identifier (was Re: EAT Profil… Giridhar Mandyam
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] Profile identifier (was Re: EAT Profil… Laurence Lundblade
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Michael Richardson
- Re: [Rats] Profile identifier (was Re: EAT Profil… Smith, Ned
- Re: [Rats] EAT Profiles Dave Thaler