Re: [Rats] Profile identifier (was Re: EAT Profiles)
Russ Housley <housley@vigilsec.com> Tue, 20 September 2022 21:31 UTC
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Thomas Fossati <tho.ietf@gmail.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
To: Laurence Lundblade <lgl@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/hMXRAWanynBxrFOfN2RJrljEAk8>
The OID can be a PEN, which is a prefix assigned by IANA, and then the party that owns the prefix can manage the rest by themselves. I like the distributed nature of that approach.

Russ

> On Sep 20, 2022, at 4:09 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
>
> Here’s 3 ways to identify a profile. The first two are in EAT now. The last is not.
>
> 1) OID
> 2) URI
> 3) IANA first-come-first-served integer. No text strings, just a simple monotonic integer, 0, 1, 2, 3, 4… A URI can be associated with the integer if the profile is published, but it isn’t required.
>
> We can do any combo of the above (e.g., what’s in the doc now, just 2 and 3,…). I don’t have a strong opinion, but just 3 seems in the spirit of being small and simple to me.
>
> The two issues with 3) I can see are:
> - Is it OK to consume more IANA resources here? I assume yes. It’s kind of their job and it isn’t hard to do this
> - The profile was pre-allocated by IANA as OID and URI and there probably some implementations
>
> LL
>
>> On Sep 19, 2022, at 9:51 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>
>> If it has to be specified in a stable document anyways, I cannot fathom the need for a URI. Just do a number and go to IANA?
>>
>> On 19.09.22 17:42, Thomas Fossati wrote:
>>> hi Henk,
>>> On Mon, Sep 19, 2022 at 1:04 PM Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>> > > * Would it be useful to reference profiles by number (rather than URLs)? Probably so.
>>> >
>>> > It seems like we ought to have an optional registry, and if someone wants to use a URI, then fine.
>>> Not sure on the URI part really, but if there is enough support for it...
>>> How would EAT ensure interoperability, if we allow for 'any URI as profile identifier' use outside the 'custom/local/experimental' scope?
>>> Or would that automatically imply that scope?
>>> I wouldn't be worried about that. EAT profiles need to be specified in a stable document. The visibility of that document is what determines the reach and interoperability of that profile. A profile ID (URL or else) is an identifier for the document.
>>> cheers,
>>> --
>>> Thomas
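
An added illustration, not part of any message in this thread: how large each of the three identifier forms is once CBOR-encoded, and how a PEN-rooted OID is built by its owner without further IANA involvement. Assumptions: the OID is carried as an untagged CBOR byte string holding the BER content octets, the URI as a CBOR text string, and the registry integer as a plain CBOR unsigned integer; PEN 32473 is the enterprise number reserved for documentation, and the arcs below it and the URI are constructed sample values.

```python
# Added example: compare encoded sizes of OID, URI and integer profile identifiers.
PEN_ARC = (1, 3, 6, 1, 4, 1)  # iso.org.dod.internet.private.enterprise

def pen_profile_oid(pen, *local_arcs):
    """IANA assigns only `pen`; the PEN owner picks local_arcs on its own."""
    return PEN_ARC + (pen,) + tuple(local_arcs)

def oid_body(arcs):
    """BER content octets of an OID (no tag or length octets).
    Valid for OIDs whose first arc is 0 or 1, which covers every PEN OID."""
    if len(arcs) < 2 or arcs[0] > 1 or arcs[1] > 39:
        raise ValueError("unsupported leading arcs")
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]           # last base-128 digit, high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # earlier digits, high bit set
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def cbor_head(major, n):
    """CBOR initial byte(s) for major type `major` with argument n."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | info]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def cbor_oid(arcs):
    body = oid_body(arcs)
    return cbor_head(2, len(body)) + body   # major type 2: byte string

def cbor_uri(uri):
    raw = uri.encode("utf-8")
    return cbor_head(3, len(raw)) + raw     # major type 3: text string

def cbor_uint(n):
    return cbor_head(0, n)                  # major type 0: unsigned integer

if __name__ == "__main__":
    samples = {
        "OID 1.3.6.1.4.1.32473.1.1": cbor_oid(pen_profile_oid(32473, 1, 1)),
        "URI": cbor_uri("https://example.com/profile/1"),
        "registry integer 3": cbor_uint(3),
    }
    for name, enc in samples.items():
        print(f"{name}: {len(enc)} bytes  {enc.hex()}")
```
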