[Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)
Robert Wilton via Datatracker <noreply@ietf.org> Thu, 07 September 2023 13:09 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: rats@ietf.org
Delivered-To: rats@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 918C2C151525; Thu, 7 Sep 2023 06:09:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rats-eat@ietf.org, rats-chairs@ietf.org, rats@ietf.org, ned.smith@intel.com, ned.smith@intel.com
X-Test-IDTracker: no
X-IETF-IDTracker: 11.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <169409219358.34717.10637003445246332249@ietfa.amsl.com>
Date: Thu, 07 Sep 2023 06:09:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/jbA1m9km_Z2b_A95IWEBLsGOSqE>
Subject: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2023 13:09:53 -0000
Robert Wilton has entered the following ballot position for draft-ietf-rats-eat-21: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-rats-eat/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Hi, Thanks for this document. Sorry, I didn't have time to review this document that closely. I have flagged one issue for discussion to change the reference to the architecture document to being a normative reference. This would mean a downref, but should otherwise be an easy change to make. The rest of my comments are non-blocking. (1) p 71, sec 11.2. Informative References [RATS.Architecture] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", Work in Progress, Internet-Draft, draft- ietf-rats-architecture-22, 28 September 2022, <https://datatracker.ietf.org/doc/html/draft-ietf-rats- architecture-22>. "From section 1.3, EAT follows the operational model described in Figure 1 in [RATS.Architecture].". This, along with other references indicates that the RATS architecture should be a normative reference. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (2) p 0, sec An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with attestation-oriented claims. This is probably contentious, but given that this is a new spec, I wonder whether it wouldn't be better (i.e., encourage wider interop) if only CBOR, COSE and CWT were used/allowed. (3) p 20, sec 4.2.6. swname (Software Name) Claim The "swname" claim contains a very simple free-form text value for naming the software used by the entity. Intentionally, no general rules or structure are set. This will make it unsuitable for use cases that wish precise naming. I found it interesting, and slightly surprising, that the hardware model claim is opaque, but the software name claim is not. (4) p 24, sec 4.2.11. uptime (Uptime) Claim The "uptime" claim MUST contain a value that represents the number of seconds that have elapsed since the entity or submodule was last booted. Relative to other claim descriptions, the MUST in this description seems strange. Perhaps better as just "The "uptime" claim contains a value ..." (5) p 88, sec Appendix B. UEID Design Rationale A UEID is not a UUID [RFC4122] by conscious choice for the following reasons. Note that the UUID spec is currently being updated (it is also on this week's telechat review), so some of the concerns being described here may no longer be valid. It is still only 128 bits though, and 6 bits are spent identifying UUID format and version. (6) p 89, sec Appendix B. UEID Design Rationale Note also that that a type 2 UEID (EUI/MAC) is only 7 bytes compared to 16 for a UUID. Note that the paragraph at the end of appendix B.1. states that UEIDs are a minumum of 128 bits ... Regards, Rob
- [Rats] Robert Wilton's Discuss on draft-ietf-rats… Robert Wilton via Datatracker
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… lgl island-resort.com
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… Smith, Ned
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… Roman Danyliw
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… Roman Danyliw
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… lgl island-resort.com
- Re: [Rats] Robert Wilton's Discuss on draft-ietf-… Rob Wilton (rwilton)