Re: [Rats] CWT and JWT are good enough?

Laurence Lundblade <lgl@island-resort.com> Mon, 16 September 2019 16:29 UTC

From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <b599af98-1d11-cc86-0942-4185135d5c85@gmail.com>
Date: Mon, 16 Sep 2019 09:29:05 -0700
Cc: rats@ietf.org
Message-Id: <4D0DEE05-C66C-4BCF-B1BA-67203779F35D@island-resort.com>
References: <CDC992AE-B6DB-4BAE-975F-6E2BF9ED2C97@island-resort.com> <b599af98-1d11-cc86-0942-4185135d5c85@gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kY2Uu3t275tLjfY5EfnpvPpT-Mw>
Subject: Re: [Rats] CWT and JWT are good enough?
List-Id: Remote Attestation Procedures <rats.ietf.org>


> On Sep 16, 2019, at 8:46 AM, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> On 2019-09-16 17:30, Laurence Lundblade wrote:
>> I’ve been trying to take the position to avoid even minor divergences from CWT and JWT in EAT. I wish there wasn’t inconsistency between the two, particularly in how the claims registry is handled. That inconsistency has already consumed many hours, even days, of this WG. There’s been some really long email threads about it.
>> Fixing it only for EAT seems half-baked. Fixing it for all of CWT and JWT would have to go through those WGs. Seems like a lot of work. We have enough to do, so I’m inclined to live with it.
> 
> Since everything crypto-wise in the JOSE stack anyway is covered in Base64Url, I don't see why one would bother with JWTs (or JSON at all for that matter) in EAT.

Pretty sure lots of people want to be able to express claims in JSON. It is far more prevalent (so I understand) on the server side than CBOR. I think there is consensus in this WG that we will support JSON and CBOR (and thus COSE and JOSE) for claims.

LL
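The registry divergence referred to above can be made concrete by encoding one claim set both ways. The example below is added here and is not code from the thread, the RATS WG, or any EAT draft. It carries the claim set from RFC 8392 Appendix A.1 as CWT claims (CBOR map, integer labels) and as JWT claims (JSON object, string names, RFC 7519), with a minimal hand-written CBOR encoder so it runs on the standard library alone. Two things are this example's own assumptions rather than anything the RFCs define: the CWT `cti` byte string is carried in the JWT `jti` as base64url text, and a CWT integer label with no registered JWT name is rejected rather than invented.

```python
"""One claim set, two serializations: JWT claims (JSON, string names,
RFC 7519) and CWT claims (CBOR, integer labels, RFC 8392).
Standard library only; the CBOR encoder handles what claim sets need."""
import base64
import json
import struct

# Claims registered in both registries. CWT key 7 is "cti" (byte string);
# its JWT counterpart is "jti" (text string).
JWT_TO_CWT_KEY = {"iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5, "iat": 6, "jti": 7}
CWT_TO_JWT_KEY = {label: name for name, label in JWT_TO_CWT_KEY.items()}


def _cbor_head(major: int, arg: int) -> bytes:
    """Initial byte(s) of a CBOR item: 3-bit major type plus argument."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if arg < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, arg)
    raise ValueError("argument does not fit in 64 bits")


def cbor_encode(value) -> bytes:
    """CBOR-encode ints, bools, bytes, text, lists and maps. Map keys are
    sorted by their encoded bytes (RFC 8949 deterministic encoding)."""
    if isinstance(value, bool):
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, int):
        return _cbor_head(0, value) if value >= 0 else _cbor_head(1, -1 - value)
    if isinstance(value, bytes):
        return _cbor_head(2, len(value)) + value
    if isinstance(value, str):
        utf8 = value.encode("utf-8")
        return _cbor_head(3, len(utf8)) + utf8
    if isinstance(value, list):
        return _cbor_head(4, len(value)) + b"".join(cbor_encode(v) for v in value)
    if isinstance(value, dict):
        pairs = sorted((cbor_encode(k), cbor_encode(v)) for k, v in value.items())
        return _cbor_head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"cannot CBOR-encode {type(value).__name__}")


def cwt_claims_to_jwt(cwt_claims: dict) -> dict:
    """Translate CWT integer labels to JWT string names.
    An integer label with no JWT name has no JSON spelling, so it is
    rejected. Example's own choice (not in either RFC): cti bytes travel
    in jti as base64url text, as JOSE does for all binary values."""
    jwt_claims = {}
    for key, val in cwt_claims.items():
        if isinstance(key, int):
            if key not in CWT_TO_JWT_KEY:
                raise ValueError(f"CWT claim label {key} has no JWT claim name")
            name = CWT_TO_JWT_KEY[key]
        else:
            name = key  # CWT permits private string keys; pass them through
        if name == "jti" and isinstance(val, bytes):
            val = base64.urlsafe_b64encode(val).rstrip(b"=").decode("ascii")
        jwt_claims[name] = val
    return jwt_claims


def jwt_claims_to_cwt(jwt_claims: dict) -> dict:
    """Inverse: registered names become integer labels, private names stay
    strings, base64url jti text becomes the cti byte string."""
    cwt_claims = {}
    for name, val in jwt_claims.items():
        key = JWT_TO_CWT_KEY.get(name, name)
        if key == 7 and isinstance(val, str):
            val = base64.urlsafe_b64decode(val + "=" * (-len(val) % 4))
        cwt_claims[key] = val
    return cwt_claims


def encode_both(cwt_claims: dict) -> tuple:
    """Return (json_bytes, cbor_bytes) for one claim set."""
    jwt_claims = cwt_claims_to_jwt(cwt_claims)
    json_bytes = json.dumps(jwt_claims, separators=(",", ":"), sort_keys=True).encode()
    return json_bytes, cbor_encode(cwt_claims)


# Sample input: the CWT claim set from RFC 8392 Appendix A.1.
SAMPLE_CWT_CLAIMS = {
    1: "coap://as.example.com",
    2: "erikw",
    3: "coap://light.example.com",
    4: 1444064944,
    5: 1443944944,
    6: 1443944944,
    7: bytes.fromhex("0b71"),
}

if __name__ == "__main__":
    js, cb = encode_both(SAMPLE_CWT_CLAIMS)
    print(js.decode(), f"({len(js)} bytes as JSON)")
    print(cb.hex(), f"({len(cb)} bytes as CBOR)")
```

Running it prints the 80-byte CBOR encoding exactly as RFC 8392 shows it and a JSON object of roughly twice that size. The interesting case is a claim set containing an integer label outside the mapping: `cwt_claims_to_jwt` raises, which is the practical face of the registry inconsistency the thread complains about, since a CWT-only integer label has no JSON name until one is registered for it separately.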