Re: [Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)
Thomas Fossati <tho.ietf@gmail.com> Thu, 16 December 2021 11:38 UTC
Return-Path: <tho.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03E783A0D75 for <rats@ietfa.amsl.com>; Thu, 16 Dec 2021 03:38:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnZXwp4w0ftg for <rats@ietfa.amsl.com>; Thu, 16 Dec 2021 03:37:58 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36C3E3A0D7E for <rats@ietf.org>; Thu, 16 Dec 2021 03:37:58 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id c32so49181057lfv.4 for <rats@ietf.org>; Thu, 16 Dec 2021 03:37:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MTTM9QvTVrPXwq4HPDNgopBNiLFlV5/3NNraB9k3MMg=; b=eqQq4IorQ4W8dJO3A9i2VVNAX7uZF1rLb1FcLnTk6c2t+FbSgQNI+GXEpzB16U3R2b ch4WdVdSzE3pn+28d3a7TwwwIPKf83r8EA70YMIF7POnbBUpUjK/3U6M1WtNJXiQF91c sm9HNDdh1WqnD5D9+mfNI32Fd74wj1xdXhldjEd2/jRQcxbK+iCIBKZoF7HuhmQ0hQ5R JBmWWz3TyyFVPurB64R20kmdjWFo2ukYztpWaSuUbng1EVULEewsfVbHwdHeqjqlPadK x4sMZT1yq6RtlvNFAa5Rr+m4gfKI4wEZDNVLpg1mEEYyYYUfgbRHHtKL9bWA6+z9SXWC WE2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MTTM9QvTVrPXwq4HPDNgopBNiLFlV5/3NNraB9k3MMg=; b=NqjCIBRUrjeEB1C9qcHpFfZCVarOaHKPQPK3H669AK/mTdDt+c2zpekkHsHQAHanlM mSIlqEbfUd7ptkGjAqMMDiMxgcsF2d/1U85wZQ69+Q6zCtJwxJ+O7q0Ik+zrf6Mg8+A0 yiJVQKqMsNzF0q/rt9bG14HwihX01hN1li8OOGkf/dTWtzezBsXfP2rFfpxfKe4rkPfa nbrubMHqjKbOd2cCUdqGfXRMUzJ2YOXZY7kV7OBx7ieA2WP2Dq+hh2xT7pU2kMZxyi4a kFldyrZUVQWWyq4ALD2T9T9HalrPfUl6A9aJHOrartSxMSPHlyfQ1kmyYk1+PHz8OP8D QqPw==
X-Gm-Message-State: AOAM533onzN82tnWKsxvN1164eFK5MrRlZ7HdjoWypFfBHQM/SbLFme2 5F/xSoz5Svs0zYmOi6b6SNMKBqoq59hipNyXgYk=
X-Google-Smtp-Source: ABdhPJyGulJ2wA1VyjSF016a3eXFReMfx6l1HKIRLInMKS4rpwLiHwzolcKEXt67s4FNUX6s66gXnnCjoLb6+FWwFpI=
X-Received: by 2002:a05:6512:3324:: with SMTP id l4mr2227499lfe.30.1639654673989; Thu, 16 Dec 2021 03:37:53 -0800 (PST)
MIME-Version: 1.0
References: <DBBPR08MB59150EEE386E675005A52124FA6E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com> <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com> <E6E179AD-23AA-4B22-A0CE-26BED6BB2862@island-resort.com>
In-Reply-To: <E6E179AD-23AA-4B22-A0CE-26BED6BB2862@island-resort.com>
From: Thomas Fossati <tho.ietf@gmail.com>
Date: Thu, 16 Dec 2021 11:37:38 +0000
Message-ID: <CAObGJnPJdzE=8drwJAMUsTQtsDBW1GpNQwQ-MQDBK+eJ59Un0A@mail.gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "rats@ietf.org" <rats@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ht3Ax_gZdazbBeuNezHEAXxhqFU>
Subject: Re: [Rats] Should we remove submods from EAT? (was Re: EAT Review Comments)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Dec 2021 11:38:03 -0000
hi Laurence, I agree with you that submods exist for a very good reason. They have particular value if the composition pattern is static and known a-priori (Ned's email has some interesting points in this regard). The existence of submods has enabled some interesting expression during prototyping efforts here. Note also that I would be concerned that if submods did not exist then that might result in multiple custom solutions emerging to express nesting, which would be a poor result for the wider RATS standardisation efforts. The current definition is nice and simple, though I would like to explore some extra functionality at some point. The small trouble I have with it is that the string type limits the expressiveness of the submod identifier. Ideally, one could have a composite, more powerful type on the LHS of the submod definition. Note that this would be possible in CBOR but not in JSON, so if we want interworking between the two formats we'd need to find another solution. For example one where the RHS clearly separates identification information from the measurements. At that point the string key would be redundant, or left as a hint. At the moment I don't have a very concrete proposal (i.e., code) though, so this is just a thought. cheers, On Wed, Dec 15, 2021 at 7:01 PM Laurence Lundblade <lgl@island-resort.com> wrote: > > Lots discussion on EAT. :-) > > Chunking through it... > > On Dec 9, 2021, at 2:45 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > > Laurence wrote: > > There’s strong logic here: > — RATS architecture explicitly calls out composite attestation — A submodule can be a nested EAT to implement composite attestation — A nested EAT can be a CWT, UCCS or DEB — The CDDL that specifies a nested EAT submodule thus must mention UCCS > > So a UCCS is a claim that goes into a CWT. I think UCCS, particularly CDDL for UCCS, must be included because of this. > > > [Hannes] I wonder whether everything in the RATS architecture should be covered in the EAT specification for several reasons: > - First, the EAT spec becomes complex and harder to read. > - Second, the RATS architecture enumerates everything that came into someone's mind or, as we later learned, can be patented. > - Given the status of the industry with attestation I believe it will take a while to even get the basic functionality deployed. For more complex use cases it can easily take several years. > > > In the above, I said that RATS architecture has composite attestation and therefor we need EAT submods. Hannes is maybe suggesting we don’t need submods because they add too much complexity. > > Here’s a few more reasons for submods: > > - Complex devices like phones, routers and cars have a large number of subsystems. For the router case, you may have individual attestation from cards in the router and one for the chassis. A mobile phone has like 10 major compute environments (TEE, camera, modem, low power audio, CPU/GPU…) We need a way to express and organize claims for all sorts of complex devices. > > - submods give EAT a very substantial expressive power for all sorts of use cases. Not having them would result in people inventing ad hoc schemes for their use cases. > > > - I recall a few conversations with various folks that see important for submods in their use cases > > > I have a strong conviction that submods, including nested tokens, are necessary for EAT now and are worth the complexity they add. > > LL > > (Happy to consider improvements to the submods design) > (Submods != UCCS/UJCS; UCCS and UJCS are related, but can be a separate decision) > > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats -- Thomas
- [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Michael Richardson
- Re: [Rats] EAT Review Comments Laurence Lundblade
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Henk Birkholz
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Laurence Lundblade
- Re: [Rats] EAT Review Comments Henk Birkholz
- Re: [Rats] EAT Review Comments Jeremy O'Donoghue
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Jeremy O'Donoghue
- Re: [Rats] EAT Review Comments Hannes Tschofenig
- Re: [Rats] EAT Review Comments Laurence Lundblade
- Re: [Rats] EAT Review Comments Henk Birkholz
- [Rats] Should we remove submods from EAT? (was Re… Laurence Lundblade
- [Rats] DLOAs claim (was Re: EAT Review Comments) Laurence Lundblade
- Re: [Rats] DLOAs claim (was Re: EAT Review Commen… Smith, Ned
- Re: [Rats] Should we remove submods from EAT? (wa… Smith, Ned
- Re: [Rats] Should we remove submods from EAT? (wa… Thomas Fossati
- Re: [Rats] Should we remove submods from EAT? (wa… Michael Richardson
- Re: [Rats] Should we remove submods from EAT? (wa… Laurence Lundblade
- Re: [Rats] Should we remove submods from EAT? (wa… Smith, Ned
- Re: [Rats] Should we remove submods from EAT? (wa… Ira McDonald
- Re: [Rats] Should we remove submods from EAT? (wa… Laurence Lundblade
- Re: [Rats] Should we remove submods from EAT? (wa… Smith, Ned