Re: [Rats] Entity vs. role

"Smith, Ned" <ned.smith@intel.com> Thu, 24 March 2022 11:35 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>, "Eric Voit (evoit)" <evoit@cisco.com>
CC: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Date: Thu, 24 Mar 2022 11:35:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kE8YzEj4hsqrylfGBPaFOryF8Wk>

Technically, the RATS Architecture is informational. Hence, no normative “requirements”, but that doesn’t mean an I-D based on the architecture should assume conceptual messages can be routed to some other role or that some other role can produce a different conceptual message.

The main point of this thread is to highlight the difference between role and entity. And to try to avoid conflating them. But they are intimately related nevertheless. The examples I provided help illustrate how they relate but without conflation.
-Ned

From: Laurence Lundblade <lgl@island-resort.com>
Date: Thursday, March 24, 2022 at 11:45 AM
To: "Eric Voit (evoit)" <evoit@cisco.com>
Cc: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>
Subject: Re: [Rats] Entity vs. role

It seems to me now that we need to sort out some of these use cases a little better as Henk suggested in the room in Vienna.

On Mar 23, 2022, at 1:54 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:

From: Laurence Lundblade, March 23, 2022 4:03 AM
...

Ironic in a way — I want to forward/passthrough Evidence in Results, you are forwarding/passing through Results in Evidence :-)

<eric> It is not me that puts Results in Evidence. It is the definitions in the architecture document which require it *must* be specified this way.

5.1 describing the passport model does not imply or require (or preclude) two verifiers.

Section 5.1 does not require that AR be embedded in a new AE message when sent from the device to the RP. It puts no requirements on that transmission. I don’t think it even requires the Results be relayed by something that has security properties.

None of the examples in section 16 work this way.

I think the design is fine and good, but I don’t see it in my read of the architecture document. (I searched for occurrences of “passport”.) Apologies in advance if I’ve missed something in the architecture document.

LL