Re: [Rats] CWT and JWT are good enough?

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 16 September 2019 15:47 UTC

To: Laurence Lundblade <lgl@island-resort.com>, rats@ietf.org
References: <CDC992AE-B6DB-4BAE-975F-6E2BF9ED2C97@island-resort.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <b599af98-1d11-cc86-0942-4185135d5c85@gmail.com>
Date: Mon, 16 Sep 2019 17:46:53 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/fcgj_Rle7RfabyFaOGmQwMy4H7w>
Subject: Re: [Rats] CWT and JWT are good enough?

On 2019-09-16 17:30, Laurence Lundblade wrote:
> I’ve been trying to take the position to avoid even minor divergences from CWT and JWT in EAT. I wish there wasn’t inconsistency between the two, particularly in how the claims registry is handled. That inconsistency has already consumed many hours, even days, of this WG. There’s been some really long email threads about it.
> 
> Fixing it only for EAT seems half-baked. Fixing it for all of CWT and JWT would have to go through those WGs. Seems like a lot of work. We have enough to do, so I’m inclined to live with it.

Since everything crypto-wise in the JOSE stack anyway is covered in Base64Url, I don't see why one would bother with JWTs (or JSON at all for that matter) in EAT.

Anders

> 
> LL