Re: [Rats] Question about WG Procedure -- Re: Reply: Use case -> architecture document

Guy Fedorkow <gfedorkow@juniper.net> Thu, 17 October 2019 01:20 UTC

From: Guy Fedorkow <gfedorkow@juniper.net>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
CC: "rats@ietf.org" <rats@ietf.org>, Thomas Hardjono <hardjono@mit.edu>, "Smith, Ned" <ned.smith@intel.com>, Laurence Lundblade <lgl@island-resort.com>, Jessica Fitzgerald-McKay <jmfmckay@gmail.com>
Date: Thu, 17 Oct 2019 01:20:14 +0000
Message-ID: <BYAPR05MB4248E5146D990AB28BAD0FB1BA6D0@BYAPR05MB4248.namprd05.prod.outlook.com>
References: <CAHbuEH7f0jjquR=iZDgof4DkgpZKgxEP86NcQ0A1NQ=SP+_FHA@mail.gmail.com> <C02846B1344F344EB4FAA6FA7AF481F13E9560C0@dggemm511-mbx.china.huawei.com> <1571169312645.46550@mit.edu> <08D3CA59-6797-47D8-86CE-3A3B1E5EEE7A@intel.com> <1DCF08C6-A75C-4725-9CED-321D288CB4D3@island-resort.com> <F31B1F51-0A3E-42C4-8C45-F6481FFF9AB4@cisco.com> <CAHbuEH4_ArK_KbMeJwZr7fWDOMYB91kesgTxMB47LS+3eMce1g@mail.gmail.com>
In-Reply-To: <CAHbuEH4_ArK_KbMeJwZr7fWDOMYB91kesgTxMB47LS+3eMce1g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/q9d86KEWxBS_ir5DhfLNBQjNAi8>
Subject: Re: [Rats] Question about WG Procedure -- Re: Reply: Use case -> architecture document
List-Id: Remote Attestation Procedures <rats.ietf.org>

Nancy, thanks for the summary.

  I think the RIV work is depending on the YANG model, but I don't think there's an immediate dependency on the architecture document.  I do think Henk's architecture doc serves an important role of unifying the terminology so it's not all so darn confusing to talk about, but that's an evolving process.

  TEEP, EAT and RIV all share a common set of roles and concepts, centered on claims, evidence and proof, but the plumbing seems sure to be different...  YANG is the obvious path for RIV, but likely of no interest in TEEP.  Reference Manifests are critical for RIV, but probably don't make much sense in some of the other applications.  And I'm sure we'll find lots of other areas where the broad concepts and roles align, but the nuts and bolts differ.  And I can’t really say yet whether RIV is a passport, a background check or some other kind of statement of authority, without some more thought.

 So I'm not sure of the implication of using the name "Profile" to describe these application spaces, but it does seem like a way to achieve as much commonality as possible without imposing artificial requirements on one application because of some aspect of another.

  So I agree that we should carry on with the path of developing the applications while keeping them synchronized where practical with an evolving architectural framework.

  Thanks

/guy

From: RATS <rats-bounces@ietf.org> On Behalf Of Kathleen Moriarty
Sent: Wednesday, October 16, 2019 1:21 PM
To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>
Cc: rats@ietf.org; Thomas Hardjono <hardjono@mit.edu>; Smith, Ned <ned.smith@intel.com>; Laurence Lundblade <lgl@island-resort.com>
Subject: Re: [Rats] Question about WG Procedure -- Re: Reply: Use case -> architecture document

On Wed, Oct 16, 2019 at 12:01 PM Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> wrote:
Hi,
Comments below:

From: RATS <rats-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Wednesday, October 16, 2019 at 08:50
To: "Smith, Ned" <ned.smith@intel.com>
Cc: "rats@ietf.org" <rats@ietf.org>, Thomas Hardjono <hardjono@mit.edu>
Subject: Re: [Rats] Question about WG Procedure -- Re: Reply: Use case -> architecture document

On Oct 16, 2019, at 8:13 AM, Smith, Ned <ned.smith@intel.com> wrote:
...
The original milestones suggested that the timing could lag that of other drafts (that seem to address more immediate needs). Maybe that is no longer the case because of a need to agree on terminology, attestation workflows or connection endpoint semantics?
...
EAT is not being held up by lack of a completed architecture document. The same might be true of the yang draft.
[NCW] Fully agree… and we did state (perhaps it was during the BoFs) that the architecture could be done in parallel, as on several occasions the architecture gets “tweaked” based on the adoption of the actual schemas, protocols and interfaces adopted.

I think it is still true that architecture can lag the other documents.

Lots of use cases already know what to do about end-end flows and architecture. FIDO and Android attestation already have their flows. They could use EAT without any IETF architecture document.

Seems like the architecture effort is attempting a unified field theory of attestation across all use cases. I think this is of value, but hard to do.
[NCW] Abstractly, I think there is general agreement on most of the roles despite the naming of the roles and how they potentially flow. That, to me, can be the basis for the architecture; the models that Dave describes are more of the interactions that define the interfaces or communications between the roles. I’m not convinced yet on the hardship other than the discussions on the terminology.

+1 - I agree with Nancy's responses.

Best regards,
Kathleen


LL

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

