IETF Logo Mail Archive

Re: [Rats] EAT Review Comments

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Thu, 09 December 2021 10:45 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0A413A097B for <rats@ietfa.amsl.com>; Thu, 9 Dec 2021 02:45:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=NlM2Jz5Q; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=NlM2Jz5Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slm4KP-tuCN2 for <rats@ietfa.amsl.com>; Thu, 9 Dec 2021 02:45:37 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40067.outbound.protection.outlook.com [40.107.4.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E1FB3A0987 for <rats@ietf.org>; Thu, 9 Dec 2021 02:45:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BPE8dYg5r8z20Amzj1YuVXdyBv1yq+CaUSBX2YU19FA=; b=NlM2Jz5Q4mjGocQ08AZTAXrC2lcUGbl6RGMwpwF1hTeNtArqM96vGofi4ozk3fbSO5Wu3GgalrAHSlVtzAygMUgm/8MzE5U5NMOMjPMhhZEVFY1oRa89GX+ef/kCfZBNeFengRjbhutvXVq0m4t4TBRGGRf9mieVHfeD6jVd+ww=
Received: from DU2PR04CA0051.eurprd04.prod.outlook.com (2603:10a6:10:234::26) by AS8PR08MB6215.eurprd08.prod.outlook.com (2603:10a6:20b:291::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.20; Thu, 9 Dec 2021 10:45:33 +0000
Received: from DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:234:cafe::50) by DU2PR04CA0051.outlook.office365.com (2603:10a6:10:234::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.16 via Frontend Transport; Thu, 9 Dec 2021 10:45:32 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT063.mail.protection.outlook.com (10.152.20.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.16 via Frontend Transport; Thu, 9 Dec 2021 10:45:32 +0000
Received: ("Tessian outbound 9a8c656e7c94:v110"); Thu, 09 Dec 2021 10:45:32 +0000
X-CR-MTA-TID: 64aa7808
Received: from 9b86bd4c50ba.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C36DFFCD-F492-47E5-8D65-A57E9802D6F3.1; Thu, 09 Dec 2021 10:45:26 +0000
Received: from EUR01-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 9b86bd4c50ba.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 09 Dec 2021 10:45:26 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RidTlaOstyHlca/IOI1yHfdPtj1q50XLEVRGZnDLQ+pRqD9NDEO9vuckUp5qMJZjhmtvaliTm/wRHsee9y28sNqWX9DOV2CtQa1vEySo2iVe3MycRDFHEuKAVfQHeu5LWcpT+PYygwiu13/n+LlkYytZDrABRRPcQA2UL+84xgZTcf8pfWpgTYUKTwMSp0DdSwCx68Bc/3Wj2jGlsLgj5PhDxokR5ybIcTAt0nd4RIVqx1JW7DXU75+uppYgJjdygPTjhqV1e4TXT9r0HYBs28gUPMmAZzkdH97b+WRJiHt4LWH/VUf32uqvGM0oShNfwOzF1UnWjg1w+oW5XLCynQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BPE8dYg5r8z20Amzj1YuVXdyBv1yq+CaUSBX2YU19FA=; b=VLp5B0o+uz/IDiEk8Vltpi4f+gVOmjdbyIMbjP1+InG2iDSLdzm5u0SuTG8+glncYRyw3ySL9ruZmGr32psxfGN00mErTJKNLVmV8uBQsdT7A/sTr82DSJDyQb7Z8azj8Yg6NFBmuBA5wASSt7+MUUiTxBaHEG5ZuXikx7pPgPVub4f7J+eEfMNTrtrgjSDo8alWcEEH70QkSiw8MbJXJ6+d8r81Q6q+0S8GmfyocLem45foc2tOtQS5KAw90fQ+Epb27vg4GvNH+8/CFREm0Ujnjf0M1GmKnIf3DR/X0ZOwM0807UJA32QjTR9SlWx3NJ6pWxQ7aIjYlAZriEsdOQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BPE8dYg5r8z20Amzj1YuVXdyBv1yq+CaUSBX2YU19FA=; b=NlM2Jz5Q4mjGocQ08AZTAXrC2lcUGbl6RGMwpwF1hTeNtArqM96vGofi4ozk3fbSO5Wu3GgalrAHSlVtzAygMUgm/8MzE5U5NMOMjPMhhZEVFY1oRa89GX+ef/kCfZBNeFengRjbhutvXVq0m4t4TBRGGRf9mieVHfeD6jVd+ww=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by DB8PR08MB5193.eurprd08.prod.outlook.com (2603:10a6:10:e6::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4755.21; Thu, 9 Dec 2021 10:45:23 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::dd96:eb7:b263:b290]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::dd96:eb7:b263:b290%4]) with mapi id 15.20.4778.013; Thu, 9 Dec 2021 10:45:23 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] EAT Review Comments
Thread-Index: AdfrXtD82TqKBMPPTvW26/ecfE3BXwAVcq+AAExCBMA=
Date: Thu, 09 Dec 2021 10:45:23 +0000
Message-ID: <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <DBBPR08MB59150EEE386E675005A52124FA6E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com>
In-Reply-To: <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 1A864ED2D0C36347916D13F45606DFFF.0
x-checkrecipientchecked: true
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-MS-Office365-Filtering-Correlation-Id: a1d17e5e-34d9-45dc-f629-08d9bb010618
x-ms-traffictypediagnostic: DB8PR08MB5193:EE_|DB5EUR03FT063:EE_|AS8PR08MB6215:EE_
X-Microsoft-Antispam-PRVS: <AS8PR08MB621521ECD7549F128C65B5C9FA709@AS8PR08MB6215.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: vCl7CPX5vYnrZvsxoicXgKrjwovSP4aWNZmyugXuyB5i/FiZTjcD8BQF6BTtzNpqPsMH+Gai2DYLwS/GqlLVBaWsQ3YzRsIOPk7Lhj5hUogG4tYDf5YduWaoRtdUbpqUHXULFMiQx+40ZoN9P8PUiHzFyvngawtPcyXpE1Xd7y2pcchw7Au2OqiosQmcLNTXhQp7Uog+LvDCYuqHgZqFLttmBEUmGMGYPVvA/4DrhWT5TiQEsdnjI6ro50E99Hnjt7wLSenWxErvBpX6cMwdvB3W1CzhiTrDKzfezri6LibHl4knD03RXyKlpurv7/UMWs10GnBlJOSyYBKDO5WOumjFeW10vHBzi6IxisFYa4MQrsVpzNp8ube4tlHwmGEt7jaq1evaEzV+k6pBNY4Hb5UZHn7cG/WWQMbhR0gX12sSr9yOnc5gU7lNmXmejbN8xL/QG7kNMXvlLoBd9DjjcyKZscyKP1OLCt+AlYxKSzWp70s3IFYkNHPQICTOjpecDsrkgA2RccoN15pIkbtZt65M+MlVQyR7CaiuSFLE8uKqF40FoPJQ0ou8yJRNkVpinylmTeGYGgr2N/TFkmkA41ac/a43JAMmcbzKmuLEaaIfyhjC97T8j+Jg7bNAlgu57bpsR6AJJEBsbjNfjAJRW3kb0o5colxX/QStb4jchr7GfH9Ohii5Wx0WKcX68h32rCr2BPqf7fSeQrbbtO/Q9A==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(55016003)(38100700002)(508600001)(2906002)(66446008)(33656002)(122000001)(66556008)(66946007)(66476007)(64756008)(71200400001)(316002)(52536014)(6506007)(38070700005)(53546011)(186003)(26005)(5660300002)(8936002)(83380400001)(7696005)(6916009)(8676002)(4326008)(9686003)(76116006)(86362001); DIR:OUT; SFP:1101;
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5193
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 49a19873-6132-43e5-1e00-08d9bb01012e
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: xEMCopjeirEIjc+ltcDz67bR9SfmYXq3ZCvJCeL4HDVruDnGEHvi3xE5S6Kz6jBGnrCznawQgvkMfTQVPteLyzAGfqPkxiuunnJ0gFx/cbAn1nxby2gdIGaLURm3srVcLSZPBB8FcnKcA9yD568Xa8QKj9vmy7+njDMg6+3R0dxT3FD47gSN4P6J7OJQsFOpl5mBM4Umd1nmO1wa73p56K0a43HmGL+5UuJozbiMiRFFB52Ed5LHZPmqvnLXiF03S9fdTqhNRcK89+wz64Y8ANu8mYsWURR9YFqOSMHYywJs1ndrm0OK0iE6K6/tkjGY7C1Lq8sw/dRqV95NcyY6t+rsozIwEU037T1Eqk7XBbxmsEiiQpwjkB922YLgc2ODfH2Y7SSWqdMZuKgPr60DXRWn3d22+2eVQB3MDxg1XhRsI1equHnC2rrBqwQiCk3pyXk3wjUe5ar6JX9LiWVdPuU3Z1P/nQC65TSvkXrhsCFTNwR+vnRwPOlkPPIs7oJdlL2xw3SRbNceeoIEIzkAj2ro5nGyfNc/uc0IHvkHDwF9DUMwRSeNC/Bbyzupk1QkQa4tCtnAfNE5Djw1QcgMuLIARU0QWzjiqx8lMrhpUa3T7BSUdE9L8UA/q0U3IpBuc92wZo+Hmsu6+rhVEF35+uoOZ9zJVvEY3mRDGdgsEpdAuDlL4pclOxuxp14CeYlPhN9HOO4jG8/zUwVNz5OFBpM/hByreJS1Ml+F4lsnBcqct0CXrMSPgVj3t28j0TqSsTUx9XkRoBpOHXv2pnsKRQ==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(46966006)(36840700001)(40470700001)(2906002)(70586007)(356005)(186003)(81166007)(336012)(70206006)(33656002)(508600001)(40460700001)(86362001)(82310400004)(55016003)(7696005)(83380400001)(47076005)(6506007)(53546011)(26005)(5660300002)(8676002)(9686003)(36860700001)(4326008)(52536014)(6862004)(8936002)(316002); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2021 10:45:32.1296 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a1d17e5e-34d9-45dc-f629-08d9bb010618
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB6215
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/lYupOSfkn8i3TZE-a_14zqShMpg>
Subject: Re: [Rats] EAT Review Comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2021 10:45:43 -0000

Hi Laurence,

Thanks for your quick response.

A few responses below:

-----Original Message-----
From: Laurence Lundblade <lgl@island-resort.com>
Sent: Tuesday, December 7, 2021 10:52 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: rats@ietf.org
Subject: Re: [Rats] EAT Review Comments

First of all, I really appreciate the thorough reading. This is probably the first deep substantive set of comments ever made on EAT.


> On Dec 7, 2021, at 3:49 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>
> Hi all,
>
> As promised, here are some high-level review comments, which are most important to us:
>
> - The document would benefit from a normative language. Think in the following way: What does a party creating a claim and a party verifying the claim have to do in order to ensure interoperability. Use SHOULDs and MAYs when you can give the reader a decision path.
>
> - Don't put comments into the CDDL since the same text is already in the draft. You are essentially putting the text in the document twice. This will reduce the size of the document.
>
> - Normative vs. informative references: If you need to read a specification as a developer in order to implement a listed claim then this reference is normative. For example, the location claim cannot be implemented without having to open the W3C geolocation API. Hence, that reference becomes normative.
>
> - Aim for consistent use of terminology. An example is the use of "entity", "entity/device", "device/entity", "entity/client device", "device entity", "entity or submod", "entity (typically a device)". In Section 1.4 you seem to suggest that "entity" is the right term. But throughout the text you mix the terms. The  EAT draft should adopt the terminology established in the architecture doc, which would be "attester" rather than "entity". Section 2 should import the vocabulary from the architecture document **by reference** and establish the aliasing "attester" = "entity" (and maybe = "device") by saying something along these lines: "attester and entity are used interchangeably in this document”.

Agree about most of the above and will work through it.

>
> - The spec is long and there is a lot of feature creep. This makes it appear very complex. I believe there are two reasons for this, namely (a) there is suddenly a lot of architectural discussion in this document. This is unnecessary given that there is a separate architecture document. There is no need to repeat the content here as well. Do you expect a reader to go through the architecture document before reading this document?

OK. I will work to remove some of this.

A few hints and examples of what to remove would be helpful.

I already made one pass at removing text from EAT that was covered in RATS architecture.  (EAT -01 actually predates RATS architecture, so there was lots of stuff to remove).

[Hannes] I can go through the document again and focus on identifying on what could be simplified.


> (b) There are claims in this specification that may sound good but I wonder whether they are ready for prime time already. This document does not need to collect all claims that relate to attestation. Most likely there is not much experience implementing some of these claims either, which reduces the quality of the specification. Sometimes less is just more.

Definitely agree that less can be more.

Top of my list of claims to remove are uptime and boot seed.

The other claims have a strong purpose in my mind. They are necessary to describe the device and the attestation results.

- Maybe the DLOA’s claim could be removed, but I think it is important for RP’s to be able to know about certification status in attestation results.

- The description of SW manifests and measurements is a bit difficult, but I’ve tried make use of the best things out there and be flexible / pluggable since it is a moving target.

- The set of UEID/SUEID, HW OEM ID, HW Class and HW Version is what is necessary to identify HW.

There is similar reasoning for the other claims.

Which claims would you remove?

[Hannes] I don't know the history of the DLOA and the SW manifests claim but I wonder whether people will use them in the near future.

>
> - Unprotected CWT Claims Sets (UCCS): I see UCCS as an architectural aspect. Normally, the implications for the EAT spec should be quite small. The purpose of the EAT spec is to define claims that go into a CWT. EAT does not mandate a specific way to protect the claims (digital signature, MAC, encryption, etc.) then UCCS has not much implication besides a short mention in the security consideration section. Given that UCCS is a separate working group document we would remove Section 4 along with any reference to UJCS.

There’s strong logic here:
— RATS architecture explicitly calls out composite attestation — A submodule can be a nested EAT to implement composite attestation — A nested EAT can be a CWT, UCCS  or DEB — The CDDL that specifies a nested EAT submodule thus must mention UCCS

So a UCCS is a claim that goes into a CWT. I think UCCS, particularly CDDL for UCCS, must be included because of this.

[Hannes] I wonder whether everything in the RATS architecture should be covered in the EAT specification for several reasons:
- First, the EAT spec becomes complex and harder to read.
- Second, the RATS architecture enumerates everything that came into someone's mind or, as we later learned, can be patented.
- Given the status of the industry with attestation I believe it will take a while to even get the basic functionality deployed. For more complex use cases it can easily take several years.



We decided a long time ago that EAT would support JSON in a normative way. The logic continues:
— An EAT can be a JWT
— EAT specifies claims that go into a JWT (and a CWT) — A submodule can be an  nested EAT — A submodule can then be a JWT in a CWT or a CWT in a JWT

If we stay with the idea that EAT has normative support for JSON, then I believe the above logic holds and specification of the above is necessary.

I don’t think we realized the implications of EAT formally supporting JSON/JWT in a normative way a few years back. I certainly didn’t. Trying to write and validate the CDDL for both JSON and CBOR, JWT and CWT brought it to light. Maybe it’s too much? What do people think about completely removing normative JSON support from EAT?

[Hannes] JSON may be something that is support from the verifier to the relying party because those are probably HTTP-based API. I am wondering whether it would make sense to just have a CBOR-based encoding for the attester-produced EAT tokens. Then, the JSON-based functionality could be published in a companion document, if needed.

Now on to UJCS. The decision on it can be separate from the above logical conclusion, partly because JWT has the (awkward) null algorithm mode.

My main logic about UJCS is:
— JSON is far more popular than CBOR
— If there is reason to specify UCCS, then there is more reason to specify UJCS — This also lines up with EAT being used for attestation results, which are likely to be JSON.

Maybe UJCS can be removed from EAT, but it seems like it should then exist somewhere else.

There is still a logic and power in bringing all this highly related stuff (CWT, JWT, UCCS and UJCS) together especially when you try to write CDDL for it where individual claims can be JSON or CBOR and individual tokens can be JSON or CBOR. This goes back to composite devices described in RATS architecture.

[Hannes] IMHO the UCCS functionality should be described in the UCCS draft. I doubt that JSON makes a sense for the community proposing it. I got the impression that this is something from the Smart Card/Secure Elements community and those would hopefully use CBOR rather than JSON.


Ciao
Hannes


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.38.3 | Report a Bug | By Email | System Status