Re: [Rats] Call for Adoption: EAT draft

Laurence Lundblade <lgl@island-resort.com> Sun, 02 June 2019 10:33 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <4A0EA92C-80B3-471A-B61D-D9433BE81346@island-resort.com>
Date: Sun, 02 Jun 2019 03:33:26 -0700
In-Reply-To: <a811aa42-edee-a3c1-0a73-284f088dca6a@sit.fraunhofer.de>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Eric Voit (evoit)" <evoit@cisco.com>, "rats@ietf.org" <rats@ietf.org>, Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/pT7y_KZ0EZVUY4wnu6taBf3vJUs>
Subject: Re: [Rats] Call for Adoption: EAT draft

I think it makes sense to separate into two:

1) New rules and advice for registering CWT/JWT claims
2) A basic set of attestation-related claims this WG will define

To go on about 1), it seems we are expanding CWT/JWT from just being auth tokens to also being attestation tokens and also identity certs (draft-birkholz-core-coid-01) and maybe X.509 replacements. This seems like mostly a good idea to me. It will be super cool that code can be shared by all of these for example. Lots of claims will overlap which is good too.

So I don’t think it makes sense to talk about "expert review of EAT claims". Rather we should talk about "expert review of CWT/JWT claims" and how it should be different than it is now.

Also, if you haven’t looked at the registered JWT claims, it’s worth checking out: https://www.iana.org/assignments/jwt/jwt.xhtml. I am also curious what people think of bringing them into CWT and especially how we avoid conflicting duplication between CWT and JWT.

To say more about 2), it seems we should really work to come up with a nice, well-thought-out, medium-sized, coherent set of claims for attestation and put them in an RFC. This is roughly what the EAT draft is.

LL
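As an added illustration of the claim-overlap and shared-code point made above (example code written for this page, not from the message or from any RATS draft): one claim-handling routine emits the same claim set either as a JWT payload (JSON, registered string names) or as a CWT payload (CBOR, the integer keys RFC 8392 registers for the same claims). It assumes only the Python standard library, carries its own minimal CBOR encoder, and uses a constructed sample claim set.

```python
import json

# Registered JWT name -> CWT integer key (RFC 8392, Section 4). The CWT
# registry names key 7 "cti" and types it as a byte string; it is the
# counterpart of JWT "jti", so one claim set can be carried either way.
CWT_KEYS = {"iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5, "iat": 6, "jti": 7}
BYTES_IN_CWT = {"jti"}  # JWT text values that become a CBOR bstr in CWT

def _cbor_head(major, n):
    """Initial byte plus argument for CBOR major type `major` (RFC 7049)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large for CBOR")

def cbor_encode(v):
    """Minimal CBOR encoder: ints, text, bytes, arrays and maps only."""
    if isinstance(v, bool):
        raise TypeError("booleans are not needed for these claims")
    if isinstance(v, int):
        return _cbor_head(0, v) if v >= 0 else _cbor_head(1, -1 - v)
    if isinstance(v, bytes):
        return _cbor_head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _cbor_head(3, len(b)) + b
    if isinstance(v, list):
        return _cbor_head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        items = (cbor_encode(k) + cbor_encode(x) for k, x in v.items())
        return _cbor_head(5, len(v)) + b"".join(items)
    raise TypeError(f"unsupported type {type(v).__name__}")

def jwt_payload(claims):
    """JWT payload: JSON object keyed by the registered claim names."""
    return json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()

def cwt_payload(claims):
    """CWT payload: CBOR map carrying the same claims under integer keys."""
    unknown = sorted(set(claims) - set(CWT_KEYS))
    if unknown:  # a claim with no CWT registration cannot be carried here
        raise KeyError(f"no CWT key registered for {unknown}")
    cwt = {}
    for name, value in claims.items():
        cwt[CWT_KEYS[name]] = value.encode() if name in BYTES_IN_CWT else value
    return cbor_encode(cwt)

# Constructed sample claim set; the issuer, subject and timestamps are arbitrary.
SAMPLE = {"iss": "issuer", "sub": "device", "exp": 1559471606, "iat": 1559468006}

if __name__ == "__main__":
    print(jwt_payload(SAMPLE))
    print(cwt_payload(SAMPLE).hex())
```

The KeyError path is where a claim registered only as a JWT name (or only as a CWT key) would surface, which is the duplication problem the message raises.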