[Rats] Re: [lamps] Re: Hint Discussion in CSR Attestation Draft
Thomas Fossati <thomas.fossati@linaro.org> Mon, 01 July 2024 17:07 UTC
hi Carl,

On Thu, 27 Jun 2024 at 11:45, Carl Wallace <carl@redhoundsoftware.com> wrote:
> On 6/24/24, 11:28 AM, "Thomas Fossati" <thomas.fossati@linaro.org> wrote:
> > On Mon, 24 Jun 2024 at 17:17, Carl Wallace <carl@redhoundsoftware.com> wrote:
> > > The below was posted to LAMPS but I had missed the introduction of the "hint" notion to the msg-wrap spec and upon a brief review of the latest draft do not understand section 3.3.1, which was introduced in the recent -05 draft, so I replied to RATS. What is this paragraph trying to say?
> > >
> > > "A CMW Collection's tree structure is not required to be a spanning tree of the system's composite Attester topology. If a label changes Verifier state beyond a "hint" (e.g., for better Verifier performance or human comprehension), we say that it carries semantic content. When a label carries semantic content that is not bound to other forms of evidence contained in the collection, the collection SHOULD be signed by an attestation key, e.g., by including the collection in a signed EAT [I-D.ietf-rats-eat]."
> >
> > The PR that introduced Section 3.3.1 [1] has some extra context in its
> > description that may help understanding Dionna's thinking.
> >
> > [1] https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/pull/78
>
> [CW] I read the PR but can't say that it helps much. The phrase "If a label changes Verifier state beyond a "hint"" must be evaluated from the point of view of a verifier, right? If different verifiers may elect to use or ignore a "hint", I don't see how this could be any other way. The rest of that sentence establishes that how a verifier acts upon a "hint" determines whether a label is considered to carry semantic content. This impacts the next sentence, which states that "the collection SHOULD be signed by an attestation key" when a label carries semantic content.
>
> Maybe stating "if an attester expects for a label to change Verifier state beyond a "hint"" would salvage the paragraph. Separately, is "label" right here or should it be "item" or "message"? It might also help if "hint" were defined in this context as well as how the "hint" notion interacts with the last point made in the security considerations section.

We replaced the confusing/overloaded "hint" with "label" (which was an already established term). We also added an explicit "label" to the CDDL key to link prose and formal spec. This got packaged with a change requested by the JWT/CWT IANA experts and the registration of two new CoAP Content-Formats. See [1] for the details.

Thanks once again for your great reviews!

cheers, t

[1] https://author-tools.ietf.org/iddiff?url2=draft-ietf-rats-msg-wrap-06
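The quoted Section 3.3.1 text says that a label carrying semantic content should be covered by an attestation-key signature over the whole collection. The following is an added illustration of why, not code from the draft or the msg-wrap project: it uses a simplified JSON label-to-evidence map (not the draft's CBOR/JSON CMW encoding), HMAC-SHA256 as a stand-in for attestation-key signatures, and constructed labels "tpm" and "secure-element". Per-item signatures leave the labels unbound; only a signature over the whole collection catches a moved label.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys (not real attestation keys); HMAC-SHA256 stands in
# for an attestation-key signature so the example runs offline with stdlib only.
COMPONENT_KEY = b"constructed-component-attester-key"
LEAD_KEY = b"constructed-lead-attester-key"

def _sign(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def _verify(key: bytes, payload: str, sig: str) -> bool:
    return hmac.compare_digest(_sign(key, payload), sig)

def make_evidence(key: bytes, claims: dict) -> dict:
    # A component Attester signs only its own claims; the label under which
    # the item later sits in the collection is not covered.
    body = json.dumps(claims, sort_keys=True)
    return {"claims": body, "sig": _sign(key, body)}

def evidence_valid(key: bytes, item: dict) -> bool:
    return _verify(key, item["claims"], item["sig"])

def sign_collection(key: bytes, collection: dict) -> dict:
    # The lead Attester signs the whole label->evidence map, so the labels
    # become part of the signed content.
    body = json.dumps(collection, sort_keys=True)
    return {"collection": collection, "sig": _sign(key, body)}

def collection_valid(key: bytes, signed: dict) -> bool:
    body = json.dumps(signed["collection"], sort_keys=True)
    return _verify(key, body, signed["sig"])

def label_binding_demo() -> tuple:
    # Returns (item still verifies after relabelling,
    #          signed collection verifies,
    #          relabelled copy of the signed collection verifies).
    item = make_evidence(COMPONENT_KEY, {"fw_version": "1.2.3"})
    original = {"tpm": item}
    relabelled = {"secure-element": item}  # same item, different label
    signed = sign_collection(LEAD_KEY, original)
    moved = {"collection": relabelled, "sig": signed["sig"]}
    return (evidence_valid(COMPONENT_KEY, relabelled["secure-element"]),
            collection_valid(LEAD_KEY, signed),
            collection_valid(LEAD_KEY, moved))

if __name__ == "__main__":
    print(label_binding_demo())  # (True, True, False)
```

The first value shows that a Verifier checking only per-item evidence cannot tell the relabelled collection from the original; the third shows that a signature over the collection does.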