IETF Logo Mail Archive

Re: [Rats] Call for Adoption: EAT draft

Simon Frost <Simon.Frost@arm.com> Fri, 31 May 2019 15:05 UTC

Return-Path: <Simon.Frost@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A50A612016B for <rats@ietfa.amsl.com>; Fri, 31 May 2019 08:05:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id voYLO6anWsgj for <rats@ietfa.amsl.com>; Fri, 31 May 2019 08:05:49 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20064.outbound.protection.outlook.com [40.107.2.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E693512011D for <rats@ietf.org>; Fri, 31 May 2019 08:05:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tU7rvQdhvRyJVH4X1vbb4jnbM2XNpAV1V/hWkT3hhyQ=; b=MA94eD6L2Lt19+vXHFyBKEReM+xTOZmXbNDTyU3/g0QF59yNMEIFoKbAbjjpiD5CjZw3InYNTyNBFCOIGE2Je7dO2P4s06yJZRUrtuxTFDAknyae8c6hT4CstK7XwdIEZ7ao0vmc9qCO54GETD6RsnE7hX6R4MqPxmETteI55X8=
Received: from HE1PR0801MB1643.eurprd08.prod.outlook.com (10.168.147.136) by HE1PR0801MB1708.eurprd08.prod.outlook.com (10.168.147.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.21; Fri, 31 May 2019 15:05:45 +0000
Received: from HE1PR0801MB1643.eurprd08.prod.outlook.com ([fe80::74ab:8351:482e:102e]) by HE1PR0801MB1643.eurprd08.prod.outlook.com ([fe80::74ab:8351:482e:102e%2]) with mapi id 15.20.1922.021; Fri, 31 May 2019 15:05:45 +0000
From: Simon Frost <Simon.Frost@arm.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>, "Eric Voit (evoit)" <evoit@cisco.com>
CC: "rats@ietf.org" <rats@ietf.org>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
Thread-Topic: [Rats] Call for Adoption: EAT draft
Thread-Index: AQHVF8JRLOcmRmM7REq+/VWKhsku3g==
Date: Fri, 31 May 2019 15:05:44 +0000
Message-ID: <HE1PR0801MB16431FB1A05EBD94F06D86DEEF190@HE1PR0801MB1643.eurprd08.prod.outlook.com>
References: <CAHbuEH6Mdwp+neWbcecA-pMYZoXKiNda2A0EnMh-8WX=W9_edA@mail.gmail.com> <DM6PR11MB408991CBF9B50672E12A8F61A1000@DM6PR11MB4089.namprd11.prod.outlook.com> <DM6PR11MB4089818BBEF529569DC1250DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <bdcaa9f2ca2344aa98287acd0b80d8f3@NASANEXM01C.na.qualcomm.com> <DM6PR11MB408939CC9EA79D479B76586DA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <E09EB1B2-ED56-4F1B-8D80-BF0D227199A3@island-resort.com> <82b0a75e5b5645d1a43d240373bca6dc@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089DAD248EEAAF9F92F2C0AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <50ddca72a9074e229976ca88f78e340a@NASANEXM01C.na.qualcomm.com> <DM6PR11MB4089BF4C3F319894DAE8722AA11E0@DM6PR11MB4089.namprd11.prod.outlook.com> <175ea22d1a1948d48f8180424cc89ec0@NASANEXM01C.na.qualcomm.com> <VI1PR08MB5360CE8EFA93515A140D30F2FA180@VI1PR08MB5360.eurprd08.prod.outlook.com> <DM6PR11MB408967D6E5EF0A355CF0D60BA1180@DM6PR11MB4089.namprd11.prod.outlook.com> <D53ECF26-E2F5-4BD5-A81F-BBE1AEEB4541@island-resort.com> <VI1PR08MB5360919E4669734878D75F6EFA190@VI1PR08MB5360.eurprd08.prod.outlook.com> <VI1PR08MB53608BBD4BC156012237D3C6FA190@VI1PR08MB5360.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR08MB53608BBD4BC156012237D3C6FA190@VI1PR08MB5360.eurprd08.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Simon.Frost@arm.com;
x-originating-ip: [217.140.106.49]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ec3e1b6d-4c9a-4f14-3d0a-08d6e5d974e8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:HE1PR0801MB1708;
x-ms-traffictypediagnostic: HE1PR0801MB1708:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <HE1PR0801MB1708EC5BB7BFE9EDAA31D3CFEF190@HE1PR0801MB1708.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 00540983E2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(136003)(366004)(376002)(39860400002)(40434004)(13464003)(199004)(189003)(476003)(186003)(64756008)(66476007)(66446008)(5660300002)(53546011)(446003)(6246003)(54906003)(110136005)(561944003)(66556008)(66946007)(316002)(55016002)(6436002)(25786009)(102836004)(6506007)(52536014)(8936002)(486006)(73956011)(5024004)(14444005)(26005)(53936002)(81166006)(6116002)(11346002)(74316002)(8676002)(76176011)(81156014)(76116006)(2906002)(9686003)(966005)(33656002)(478600001)(7696005)(305945005)(72206003)(99286004)(71200400001)(3846002)(4326008)(229853002)(14454004)(86362001)(66066001)(256004)(68736007)(6306002)(71190400001)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0801MB1708; H:HE1PR0801MB1643.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: N1LjvSUFAUFvCqlCX5VPqGmp2bQILuoKP+COPZrylZeje4iF/ZrbAHSMCiE6f9EzS8EGYCwWhCiK8lEXwDLX6HtDSovb1/11qPCcEfhZGuUlf7mq84FNSrLCyITrTa4ktRR4zhryROxX3KMn6JoELQbpj6t2a7Tv4BnhM1D5BG97QYZC+gQT3NvvLv5KK/LHjy0XT20NVnljstHFWLeHKqmfc7mP0qvLaQvM4+TO7k8Bzr8fIUDXobPjhY04N2Wuvy8Q24B5g5P+EKRQuSegoJOGBZgCBGJm6mcdMa3pNqCj2AgLXOC8y0hlZkIi1EBJmHFqUv0nLpP0tI8cZTmJt34oLVIAhn834EcHJTzxLatkMes80aze6QmK09lrZfT7UaBc0y43HWX+vC++EAOLTR/XSawkggpW2PtgwdBjWCs=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec3e1b6d-4c9a-4f14-3d0a-08d6e5d974e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 May 2019 15:05:44.9613 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Simon.Frost@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1708
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/IvmakSO_RlfpXiOK3PiXzLMvlZg>
Subject: Re: [Rats] Call for Adoption: EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 May 2019 15:05:55 -0000

I've no experience of the process, but within this thread has been a discussion of requiring expert review before a new claim is accepted into the registry. Should the WG be able to provide guidelines for whoever is conducting such a review as to what considerations should be made before admitting a new claim?
For example:
+ ensuring the new claim is not already covered by one of the standard EAT claims. Note that I am assuming that the existing set will be tweaked / enhanced during the WG process.
+ comparing any related set of claims to information models covered in standards (the 'location' discussion)
+ ensuring that the implied data model for the claim is consistent
+ potentially expanding to a more public or (prior) WG member consultation in the event that a submission is seen as controversial.

...and Yes, I'm aware that the above may be potentially more expensive or time consuming, I'm trying to understand whether it’s appropriate to influence process as part of the standards process.

Thanks
Simon

-----Original Message-----
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: 31 May 2019 15:10
To: Laurence Lundblade <lgl@island-resort.com>; Eric Voit (evoit) <evoit@cisco.com>
Cc: rats@ietf.org; Giridhar Mandyam <mandyam@qti.qualcomm.com>
Subject: Re: [Rats] Call for Adoption: EAT draft

Hi Eric, Hi Laurence,

I thought about this a bit more.

If I understand it correctly then your main concern is that we duplicate information in the CWT claims registry that is already available in other registries. Is my understanding correct?
I also hear a second concern, which is more about whether the existing CWT / JWT registry contains claims that are not suitable for use in an EAT token.

Underlying both concerns is the question about what makes for a good claim for use within an EAT token. Do we know the answer?

Ciao
Hannes

-----Original Message-----
From: Hannes Tschofenig
Sent: Freitag, 31. Mai 2019 09:55
To: 'Laurence Lundblade' <lgl@island-resort.com>; Eric Voit (evoit) <evoit@cisco.com>
Cc: rats@ietf.org; Giridhar Mandyam <mandyam@qti.qualcomm.com>
Subject: RE: [Rats] Call for Adoption: EAT draft

Hi Laurence, Hi Eric,

> So if an EAT is a CWT, then the proposal is to change the IANA registry rules for CWT in the EAT draft. Is that allowed? This is really a change to CWT and even JWT. Seems like it is saying that if a YANG-defined claim exists for a possible CWT or JWT claim, the YANG-based claim MUST be used.

IMHO everything can be changed.

> I think Eric’s thought about harmonizing is a good one. Learn from past efforts. Improve interop.

Learning from past efforts sounds always good. Let me pick on the example from below about draft-ietf-netmod-geo-location-01. It appears to me that the netmod group has either not looked at the work from the IETF GEOPRIV working group or ignored it. (I have not been involved in the netmod group and so I cannot say.) GEOPRIV published a number of RFCs that provide details about how to encode different geodetic location shapes (based on a mapping from GML), civic location, relative location, talks about uncertainty and confidence, how to encode moving objects, etc. While there is no need to use the info 1:1 there is a lot that can be learned from the work in that group. Of course, the content for the location encoding in draft-mandyam-eat-01 isn't much better.

For me the biggest question is whether location is actually a good source of information conveyed in an EAT token.

Eric, I understand that you do not want to duplicate information. I don’t want to do that either. I have been wondering about this aspect myself (particularly when I read the location claim). For example, in the LwM2M context we have a (pretty naive) location object as part of the data model as well. The data model we use with LwM2M is different to how data is modelled in the EAT token. Is this unavoidable? In some sense the situation is similar to the Yang-defined data model. The source of information comes from a different part of the system and is conveyed differently. Maybe you could call it a different layering where a device with Yang objects has to treat the EAT token as opaque (particularly since it is digitally signed and potentially encrypted). I am currently leaning towards seeing it that way from a LwM2M perspective.

Ciao
Hannes

~ snip ~

However, IANA registry rules revising aside, making it a MUST seems too much. I think the YANG-defined claims should be very much seriously considered, just like any other previous data structure definition, but that there be no blanket requirement.

To go a little further and to be clear. When a YANG-defined claim is used the CBOR encoding of it will be used with CWT and the JSON encoding of it will be used with JWT. This hinges on draft-ietf-core-yang-cbor-10 producing satisfying, compact and sensible CBOR encodings (binary data is really CBOR binary, claim keys are small integers…).

LL


> On May 30, 2019, at 12:19 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
>
> Hi Hannes,
>
> I do like EAT.  I am hoping that it gets adopted.
>
> At the same time, I am trying to avoid unnecessary mapping of claims from a chipmakers domain into system integrator /network operator domains.  I believe much pain can be avoided with a little planning up front.  That is what I am trying to facilitate with this discussion.
>
> Specific details/examples in-line...
>
>> From: Hannes Tschofenig, May 30, 2019 1:18 PM
>>
>> Hi Giri, Hi Eric,
>>
>> (a) some principles/guidance to CWT claims registry people on avoiding the mass registration of lightly-used or unused claims
>>
>> Why is this a requirement? When a claim is registered then it is most likely done with the anticipation that it will be used. I have not seen other IETF registries that have raised the bar to a similar level, at least the JWT claims registry does not work that way. Furthermore, what is the harm in registering claims that later turn out to be less frequently used?
>
> Let me provide a *best* case example.  In the NETMOD WG, there is a draft-ietf-netmod-geo-location.  Both that draft and this have definitions of latitude, longitude, altitude, accuracy, etc.   The *good* news is that both drafts are based on WGS84.  So at least our experts have lucked in to using a consistent resource.  But are these the same objects?  How does a reader know?   In one of the documents the latitude/longitude attributes are "FloatOrNumber", in the other they are "decimal64 {fraction-digits 16}".
>
> It of course gets harder for other objects.   The velocity objects in draft-mandyam-rats-eat are "heading" and "speed".  And draft-ietf-netmod-geo-location has this information "v-north", " v-east", and " v-up".  Here we have different formats, the first of which cannot be easily upgraded to serve three dimensions.
>
> And then we get into other harder objects where we will have timestamping, explicit domains of allowed entries, etc.  And is there is no boundaries on what might be claimed as an EAT, in theory we could create a parallel domain of objects without description on how to map between the two, placing the heavy lifting onto the implementer.
>
> Now I am not trying to solve world hunger in this thread.  I am just trying to have the draft consider minimizing inter-ecosystem friction where we can see it coming.  I believe with a little foresight we can ensure a consistent population and data typing for a subset of claims.   Without foresight, I see that people will create new CWT to avoid some later mapping.  And more/redundant CWT tags will harm interoperability.
>
>> (b) a requirement to map claims to existing YANG objects, if these YANG objects exist
>>
>> I also don’t understand this requirement. Is there some design rational why this would be needed/useful?
>
> Per above, EAT claim instances need to be integrated with other work/ecosystems in the IETF after the information comes off of a hardware chip.  A claim registry shouldn't create redundant info/formats to other work/ecosystems when it can be avoided, at least without broad discussion and consensus.   (I.e., lets avoid unconscious object definition and object domain overlaps wherever possible.)
>
> Eric
>
>> Cia
>> Hannes
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email