Re: [Rats] Call for adoption (after draft rename) for Yang module draft

"Smith, Ned" <ned.smith@intel.com> Mon, 11 November 2019 16:26 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Call for adoption (after draft rename) for Yang module draft
Date: Mon, 11 Nov 2019 16:26:36 +0000
Message-ID: <D6CA54EA-67F1-4BE6-8D11-32C6597D58E0@intel.com>
References: <8B173958-FC2A-4D1D-A81C-F324AB632CD7@cisco.com> <147F9159-6055-4E55-ABDC-43DFE3498BF1@island-resort.com> <ce5f8206-74dc-36bb-0093-a93045d5c67f@sit.fraunhofer.de> <0A7E3A4F-8534-4E98-BCB7-1454E07699F4@island-resort.com> <C3AE2645-49C8-4313-BCED-02FEB576B614@cisco.com> <1C8A1884-A37D-45E3-8C11-2FC5A083B245@island-resort.com> <ba12a686-1b34-21a3-388c-bbe01c01a408@sandelman.ca> <1DFA7D52-7294-4705-9407-C34F5BC82EA6@cisco.com> <5f57dd25-f561-e07d-4b24-fef05627bac9@sit.fraunhofer.de> <c61b3ccd-6427-5801-c149-4e93af5c9fb1@sandelman.ca> <0eb003f7-34c3-af36-74ac-097841d2ac6c@sit.fraunhofer.de>
In-Reply-To: <0eb003f7-34c3-af36-74ac-097841d2ac6c@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/i2d6x72wEm0w2MkfIlQxCIbFwLY>
List-Id: Remote Attestation Procedures <rats.ietf.org>

So far the group has used the term "EAT" to refer to both the information model and data serialization expressions. When extending the information model to YANG or some other serialization (e.g. ASN.1), given the possibility for an IM expression to be realized by different serializations, what term should we give to the IM description?

The term "Claim" has been used extensively. Do we want to agree to use "claim" to refer to anything that is an IM expression in RATS and "Token" for any serialization (realization) even if it isn't a JWT or CWT?

Thx,
Ned

On 11/11/19, 4:14 AM, "RATS on behalf of Henk Birkholz" <rats-bounces@ietf.org on behalf of henk.birkholz@sit.fraunhofer.de> wrote:

    Hi Michael,
    
    please see in-line.
    
    On 11.11.19 12:37, Michael Richardson wrote:
    > 
    > 
    > On 2019-11-11 5:57 p.m., Henk Birkholz wrote:
    >> Hi all,
    >>
    >> on one hand, we have to address the overlap between YANG and EAT
    >> information elements (statements & Claims) and how to deal with them
    >> (one obvious issue, for example, would be potential redundant
    >> information model content in two different drafts).
    > 
    
    Examples of the same information elements that are used in different 
    data models via Claims or statements:
    
    * EAT Time stamp / YANG clock info
    * EAT Origination / YANG attestation key cert, or
    * EAT Uptime / YANG tpm ticks
    
    > Can you give me an example, but I'm not getting the issue.
    > I think that we will be the first to attempt to use JOSE to sign a JSON
    > serialized YANG object, resulting in a JWT.  Well, technically, it's
    > probably not a JWT, because we aren't going to base64url it and put
    > periods between the pieces, I think.  It's just JOSE, but I don't mind
    > if we call it a JWT.
    
    As far as I know, simply wrapping a "JSON serialized YANG object" in 
    JOSE does not create a JWT. RFC 7951 is not based on RFC 7519. The 
    Base64/Base64URL confusion is limited to value representation in JSON 
    serialization, I think.
    
    > 
    > draft-ietf-anima-constrained-voucher does CBOR serialized YANG which is
    > signed with COSE.
    
    With CBOR serialization most things are more straightforward and a tad bit 
    simpler. I do not think that we have any issues on the binary side of 
    things here. Or am I missing something obvious?
    
    > 
    > 
    >> On the other hand, Laurence's original point was the payload of
    >> conveyance protocols used by RATS. Specializations of this topic are
    >> apparently:
    >>
    >> * Web Tokens via YANG Interfaces, and
    >> * YANG modeled data via other conveyance protocols (other than *CONF)
    >> that can transport Web Tokens.
    >>
    >> There are examples of how YANG modeled data is used outside of *CONF
    >> protocols, for example MUD. We have to understand and agree about:
    >>
    >> * this is possible on a technical level, and
    >> * this is useful wrt to protocol scope, intent & semantics, I think.
    >>
    > 
    > MUD (RFC8520) does it, but so does ANIMA vouchers (RFC8366).
    > Again, data-at-REST described by YANG.
    > 
    > But the document in question does not seem to be data-at-rest, but RPC
    > access via *CONF protocols to TPM 2.0 objects, so I feel that you are
    > further muddying this thread by asking the above question.
    > 
    > 
    > _______________________________________________
    > RATS mailing list
    > RATS@ietf.org
    > https://www.ietf.org/mailman/listinfo/rats
    > 
    
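The JOSE-versus-JWT distinction raised in the quoted exchange (signing a JSON-serialized YANG object with JOSE gives a JWS, not necessarily a JWT) can be made concrete with a small script. The following is an added example written for this page, not code from the thread, from the EAT or YANG drafts, or from any IETF document. It assumes an HS256 shared key purely for brevity, builds an RFC 7515 compact serialization (base64url parts joined by periods) over two constructed payloads, verifies it, and then classifies the payload: a JWT claims set in the RFC 7519 sense uses registered claim names such as "iss" and "exp", whereas RFC 7951 YANG-JSON top-level members are "module:node" names. The sample YANG payload uses the ietf-system clock container only as an illustration of that naming style; the timestamps, key and issuer are constructed values.

```python
import base64
import hashlib
import hmac
import json

# Constructed shared key for the HS256 illustration; a real Attester would
# use an asymmetric attestation key (e.g. ES256), never a shared secret.
KEY = b"constructed-demo-key-do-not-reuse"

# Constructed RFC 7951 style payload: top-level member is "module:node".
YANG_SAMPLE = {
    "ietf-system:system-state": {
        "clock": {"current-datetime": "2019-11-11T16:26:36Z"}
    }
}

# Constructed RFC 7519 claims set: flat registered claim names.
JWT_SAMPLE = {"iss": "https://attester.example", "iat": 1573489596,
              "exp": 1573493196}

JWT_REGISTERED = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7515 section 2 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_compact_sign(payload: dict, key: bytes) -> str:
    """RFC 7515 compact serialization: header.payload.signature (HS256).

    The payload may be any JSON object; nothing here makes it a JWT.
    RFC 7519 merely recommends "typ": "JWT" when the payload is a claims set.
    """
    header = {"alg": "HS256"}
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{h}.{p}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def jws_compact_verify(token: str, key: bytes) -> dict:
    """Verify an HS256 compact JWS and return the decoded payload object.

    The expected algorithm is pinned by the verifier rather than taken from
    the untrusted header, and the MAC comparison is constant-time.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in protected header")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(p))


def is_valid(token: str, key: bytes) -> bool:
    """Boolean wrapper around jws_compact_verify for callers that only gate."""
    try:
        jws_compact_verify(token, key)
        return True
    except ValueError:
        return False


def classify_payload(payload: dict) -> str:
    """Heuristic label: 'jwt-claims', 'yang-json' or 'unknown'.

    Registered JWT claim names mark an RFC 7519 claims set; RFC 7951 encodes
    YANG data with namespace-qualified "module:node" top-level members.
    """
    keys = set(payload)
    if keys & JWT_REGISTERED:
        return "jwt-claims"
    if keys and all(":" in k for k in keys):
        return "yang-json"
    return "unknown"


if __name__ == "__main__":
    for sample in (YANG_SAMPLE, JWT_SAMPLE):
        token = jws_compact_sign(sample, KEY)
        print(classify_payload(jws_compact_verify(token, KEY)), token[:40] + "...")
```

Both samples produce a syntactically valid JWS, which is the point of the quoted discussion: the YANG case is "just JOSE", and calling it a JWT is a matter of the payload's claim structure, not of the signing wrapper.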