Re: [Rats] Call for adoption of draft-birkholz-rats-reference-interaction-model

Laurence Lundblade <lgl@island-resort.com> Thu, 20 August 2020 16:50 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22AFD3A0B57 for <rats@ietfa.amsl.com>; Thu, 20 Aug 2020 09:50:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fcvC2sPbUPSV for <rats@ietfa.amsl.com>; Thu, 20 Aug 2020 09:50:28 -0700 (PDT)
Received: from p3plsmtpa09-09.prod.phx3.secureserver.net (p3plsmtpa09-09.prod.phx3.secureserver.net [173.201.193.238]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF2E03A0B4F for <rats@ietf.org>; Thu, 20 Aug 2020 09:50:28 -0700 (PDT)
Received: from [192.168.1.49] ([76.167.193.86]) by :SMTPAUTH: with ESMTPA id 8nljkEjgljUDF8nlkkQjpi; Thu, 20 Aug 2020 09:50:28 -0700
X-CMAE-Analysis: v=2.3 cv=G59i7Os5 c=1 sm=1 tr=0 a=t2DvPg6iSvRzsOFYbaV4uQ==:117 a=t2DvPg6iSvRzsOFYbaV4uQ==:17 a=IkcTkHD0fZMA:10 a=48vgC7mUAAAA:8 a=0n-vlVEVwLVXQyp6cCMA:9 a=JPkXZyH_pJINFWCW:21 a=nJ_IdM1qkaeSHfMx:21 a=QEXdDO2ut3YA:10 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <19311dcf-cfe7-a2c0-c8cb-c0ec8aeca634@sit.fraunhofer.de>
Date: Thu, 20 Aug 2020 09:50:27 -0700
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DBB885C0-93BB-41FC-8DAC-95F6F97EE449@island-resort.com>
References: <DBDAA23E-74BC-45C7-AA87-C303963131CE@cisco.com> <D4B37433-E0DF-4FE4-84E1-A8880359190B@island-resort.com> <19311dcf-cfe7-a2c0-c8cb-c0ec8aeca634@sit.fraunhofer.de>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-CMAE-Envelope: MS4wfBsf1pjL/K1qHcs429Hm0HZKT3lc5F7bhrKkdJEn1kEos52Ko5KBDd47TRerPjGvHUxk4gdri8TO8RUWL65GNpPBHyZ0iEl7kTeuIIMLcVanpyDj6pQT 43mOHXj9/5WmQLqNx1/jaCMhP7OvDzcBiUWoXc8kkcBdP+QRpqXhCYV65zfjalmXzn0IqpXtDZ9yLb8Hq76P6j2Pn8YaGxza7XV+dmBtqNHngJ8j8RjyAkNC 5i7HgHwJn9/IHVVuQHLUGpf3i9SjxeK5//Ef6umkf2E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ouXTnM0hQutBBR4siDkf7NFoBew>
Subject: Re: [Rats] Call for adoption of draft-birkholz-rats-reference-interaction-model
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2020 16:50:30 -0000

Your distinction between reference and generic makes sense.  Some text can be added explaining that. For example “the flows in the document are descriptive, not prescriptive; actual protocol flows may be different as along as they achieve the same results”. 

I suspect that mobile apps using the whole Web API development paradigm that use Android Attestation will have interesting flows that are dictated by the app, the layers in the web/app SW libraries and stack, how AWS/Azure/... works and so on. But they should still achieve in effect what is laid out in the reference interaction model.

I support adoption.

LL


> On Aug 18, 2020, at 5:40 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> Hi Laurence,
> 
> there is a slight difference between 'generic' and 'reference' (at least from my PoV).
> 
> Yes, 'these' are THE *reference* interaction models for all of RATS - that hopefully also accommodate all FIDOs (at least that was the intent).
> 
> Meanwhile, each reference interaction model is probably always specific to a subset of RATS use cases - which is intentional.
> 
> If a use case - or better: solution I-D - uses a specialization or derivate of a reference interaction model (because it describes something new) that can be easily elaborated on by using the reference models as... well a reference.
> 
> More generalization or more abstraction of course makes the models fit "better" to bigger sets of use cases, but it also removes the value they add. For example, if a solution does not require an Authentication Secret ID to be conveyed, then it can now simply refer to the concept and highlight why the contribution does not need that baggage.
> 
> As a result, I think I would neither call them "THE models" nor would I attempt to generalize them more. They are simply "THE reference models" that help with placing emerging solutions in the landscape of the exiting ecosystem (which is notoriously hard to do, typically).
> 
> I am not sure, if my reply was helpful or not, though :-)
> 
> Viele Grüße,
> 
> Henk
> 
> On 14.08.20 20:32, Laurence Lundblade wrote:
>> Henk and others, can you comment on how this relates to FIDO, Android Attestation, ARM PSA Token and such?
>> It seems that a decision has to be taken as to whether this is:
>> - THE generic interaction model for all of RATS in which case FIDO, Android and such have to fit into it
>> - One interaction model specific to a subset of RATS use cases
>> I did a quick read and it seems like FIDO, Android and such could fit. But it seems a commitment one way or the other is needed up front. If it is THE model, then the work to make sure it is fully generic needs to be done. People (not just me) will have to review it to see if it fits all attestation use cases. If it doesn’t there will be writing to do.
>> Right now it seems framed as THE interaction mode (abstract, introduction sections). Are the authors committing to this as THE Rats interaction model?
>> I think this needs to be clear before the document is adopted.
>> LL
>>> On Aug 12, 2020, at 1:25 PM, Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org <mailto:ncamwing=40cisco.com@dmarc.ietf.org>> wrote:
>>> 
>>> Hello RATs members,
>>> At our IETF 108 session we discussed the draft:
>>> https://datatracker.ietf.org/doc/draft-birkholz-rats-reference-interaction-model/
>>> There was interest in the discussion on the adoption of the topic, but ran out of time to get consensus on “where” these interaction models should be documented.  Further, Henk started an email thread prior to our session to get a sense of interest and where these models would best be described.
>>> Given those results, there seemed to be a preference to keep the document as a standalone draft that describes all models.
>>> Thus, this is a Call for Adoption of the draft-birkholz-rats-reference-interaction-model to serve as the starting point for a standalone draft that describes all models.  If you have reservations for documenting interaction models, or for such a document to be a standalone draft to describe all of them please respond to the mail list and provide rationale for your concerns.
>>> The call for adoption will end on Aug 28.
>>> Best, Nancy (on behalf of the RATs chairs)
>>> _______________________________________________
>>> RATS mailing list
>>> RATS@ietf.org <mailto:RATS@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/rats
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats