Re: [Rats] Call for adoption (after draft rename) for Yang module draft

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Thu, 14 November 2019 15:03 UTC

Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90533120274 for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 07:03:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HVIFcVFMYKUp for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 07:03:09 -0800 (PST)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4241012025D for <rats@ietf.org>; Thu, 14 Nov 2019 07:03:08 -0800 (PST)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id xAEF2xM6027965 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Thu, 14 Nov 2019 16:03:00 +0100
Received: from [192.168.16.50] (79.234.112.245) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.468.0; Thu, 14 Nov 2019 16:02:54 +0100
To: =?UTF-8?B?U2Now7Zud8OkbGRlciwgSsO8cmdlbg==?= <J.Schoenwaelder@jacobs-university.de>, Laurence Lundblade <lgl@island-resort.com>
CC: Dave Thaler <dthaler@microsoft.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "Smith, Ned" <ned.smith@intel.com>, "rats@ietf.org" <rats@ietf.org>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <HE1PR0702MB375366C5F7FE5C497C35D73B8F740@HE1PR0702MB3753.eurprd07.prod.outlook.com> <7106C9D3-8ED1-419E-81F8-4CDA799BEDAE@intel.com> <MWHPR21MB07844F61BEFAE03F9E7DD290A3770@MWHPR21MB0784.namprd21.prod.outlook.com> <6E7D64B4-2049-4D0A-ADC5-CA3F0647779B@island-resort.com> <20191114140600.itrr5mjiysgutsj5@anna.jacobs.jacobs-university.de>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <59707a99-8cec-2005-b1ee-72f171234cbe@sit.fraunhofer.de>
Date: Thu, 14 Nov 2019 16:02:53 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20191114140600.itrr5mjiysgutsj5@anna.jacobs.jacobs-university.de>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [79.234.112.245]
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/g03qioqIoolUoR3Ckf10RlAROKg>
Subject: Re: [Rats] Call for adoption (after draft rename) for Yang module draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 15:03:12 -0000

Hi Jürgen,

I think this is very useful input.

On the list, Laurence and I already started to discuss Claims for "YANG 
modeled data" and Claims for "TPM modled data" (referred to as tpm 
tokens recently).

The remaining questions are about: What do you think is the upcoming/TBD 
impact on the current YANG module for challenge-response RATS?

Leveraging YANG modeled data comes up again and again. Maybe there is 
good approach here.

The TPM Interface based YANG Module does not simply convey native TPM 
structure, but decomposes them down the values that are useful and 
common on the management plane because the building blocks themselves 
have well defined semantics (always ensuring canonical re-composition).

Viele Grüße,

Henk

On 14.11.19 15:06, Schönwälder, Jürgen wrote:
> On Wed, Nov 13, 2019 at 10:07:02AM -0800, Laurence Lundblade wrote:
>>
>> I see EAT as applicable to all these worlds, where the YANG module is just for the smallish router world. So I mostly agree with Dave about proportions, however this is the IETF where YANG modules are created.  (Maybe I should go join the W3C world and work on attestations APIs for browsers after RATS is done).
>>
> 
> If EAT is the common format for "token", then it does not make sense
> to me to define a YANG version of it. It may make sense to carry EAT
> token over protocols such as NETCONF or RESTCONF and to have a YANG
> module defining this may make sense for the networking device world.
> This is then a definition of an interaction protocol, but not the
> token format itself.
> 
> If EAT is the common format for "token", then it may make sense to be
> able to include "claims" that are YANG defined data. That may be an
> extension of the core EAT definition (but EAT would have to allow for
> such an extension to work). There is a lot of formally defined data in
> YANG modules that would be convenient to reuse as claims in a
> networking world.
> 
> /js
>