Re: [Rats] [EXTERNAL] Re: EAT IANA registry

Mike Jones <Michael.Jones@microsoft.com> Sun, 24 November 2019 22:14 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Laurence Lundblade <lgl@island-resort.com>, Yaron Sheffer <yaronf.ietf@gmail.com>
CC: "rats@ietf.org" <rats@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Sun, 24 Nov 2019 22:14:30 +0000

EAT should use the IANA JSON Web Token (JWT) Claims registry for JWT claims and the IANA CBOR Web Token (CWT) Claims registry for CWT claims.  It’s intended that claims from different use cases inhabit the same registry, to facilitate claim reuse across use cases, where appropriate.  If they aren’t reused, no harm is done.

It would be far more confusing to developers to create duplicate, EAT-specific registries.

                                                       -- Mike

From: RATS <rats-bounces@ietf.org> On Behalf Of Laurence Lundblade
Sent: Saturday, November 23, 2019 8:29 AM
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: rats@ietf.org; Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Subject: [EXTERNAL] Re: [Rats] EAT IANA registry

One of our thoughts is that EAT profiles will help with this. For example, a special profile for toasters might list 5 claims that must be included in every attestation and 10 claims that are optional and maybe even prohibit all others.

LL



On Nov 22, 2019, at 6:57 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Hi Hannes,

Looking at the JWT claim IANA registry [1], it is already a terrible mess of several different standards, obviously with many more coming. I guess what’s done is done, and I’ll take back my objection.

Thanks,
                Yaron

[1] https://www.iana.org/assignments/jwt/jwt.xhtml#claims

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Friday, November 22, 2019 at 14:17
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Subject: RE: EAT IANA registry

Yaron,
Could you explain why you think that this is a good idea?
Ciao
Hannes

From: RATS <rats-bounces@ietf.org> On Behalf Of Yaron Sheffer
Sent: Friday, November 22, 2019 2:05 PM
To: rats@ietf.org
Subject: [Rats] EAT IANA registry

Unrelated to my earlier mail, I would recommend to create a separate registry for EAT claims (I suppose that implies a nested object in the JWT/CWT) rather than to overload the CWT registry. Architecturally it just doesn’t jive to have all these claims as baseline CWT claims, and process-wise, it’s much more convenient for this group to control its own namespace.

Sorry if this has been raised before.

Thanks,
                Yaron
_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
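An added example (not code from the list or from any EAT implementation) that works through both points in this thread: a verifier keys its checks off the claim names shared by the IANA JWT and CWT registries, and a profile such as the toaster one Laurence describes is what narrows that shared namespace to a required set, an optional set and nothing else. The core name/key pairs are the ones RFC 8392 registered; the toaster profile, the private `toaster_temp` claim and the sample claim sets are constructed for illustration.

```python
# Added example (not code from the RATS list or any EAT implementation): enforce an
# EAT-style profile over a claims set given in JWT form (string names) or CWT form
# (integer keys). Core name/key pairs are those RFC 8392 registered in both IANA
# registries; the toaster profile and the "toaster_temp" claim are constructed.
from dataclasses import dataclass

# Core claims registered in both the JWT and CWT claims registries (RFC 8392 section 4).
CWT_KEY = {"iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5, "iat": 6, "cti": 7}
JWT_NAME = {key: name for name, key in CWT_KEY.items()}


@dataclass(frozen=True)
class Profile:
    """Claims a verifier demands, claims it tolerates, and whether all others are refused."""
    required: frozenset
    optional: frozenset
    closed: bool = True


def claim_names(claims):
    """Map a claims set to JWT claim names so one profile serves both encodings.

    CWT integer keys go through the registry table; an unknown integer key is kept
    as a synthetic name so a closed profile still rejects it instead of ignoring it.
    """
    return {JWT_NAME.get(k, f"cwt-key-{k}") if isinstance(k, int) else k for k in claims}


def check_profile(claims, profile):
    """Return a sorted list of violations; an empty list means the claims set conforms."""
    names = claim_names(claims)
    problems = [f"missing required claim {c}" for c in sorted(profile.required - names)]
    if profile.closed:
        allowed = profile.required | profile.optional
        problems += [f"claim {c} not permitted by profile" for c in sorted(names - allowed)]
    return problems


# Constructed toaster profile: two required core claims, one optional private claim,
# everything else prohibited, in the spirit of the "5 required, 10 optional" idea above.
TOASTER_PROFILE = Profile(required=frozenset({"iss", "exp"}), optional=frozenset({"toaster_temp"}))

# Constructed sample claim sets (a real token would carry them inside a signed JWT/CWT).
JWT_OK = {"iss": "example-toaster-vendor", "exp": 1700000000, "toaster_temp": 200}
CWT_OK = {1: "example-toaster-vendor", 4: 1700000000}
CWT_EXTRA = {1: "example-toaster-vendor", 4: 1700000000, 9: "unexpected"}
JWT_MISSING = {"iss": "example-toaster-vendor", "toaster_temp": 200}

for label, claims in (("jwt ok", JWT_OK), ("cwt extra", CWT_EXTRA), ("jwt missing", JWT_MISSING)):
    print(label, check_profile(claims, TOASTER_PROFILE) or "conforms")
```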