Re: [Rats] IANA pre-RFC code points

Laurence Lundblade <lgl@island-resort.com> Sun, 28 February 2021 04:29 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B0FB3A0C20 for <rats@ietfa.amsl.com>; Sat, 27 Feb 2021 20:29:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.017
X-Spam-Level:
X-Spam-Status: No, score=-0.017 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9qN_U9734l77 for <rats@ietfa.amsl.com>; Sat, 27 Feb 2021 20:29:18 -0800 (PST)
Received: from p3plsmtpa06-07.prod.phx3.secureserver.net (p3plsmtpa06-07.prod.phx3.secureserver.net [173.201.192.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 296873A0C17 for <rats@ietf.org>; Sat, 27 Feb 2021 20:29:18 -0800 (PST)
Received: from [192.168.1.248] ([187.223.43.160]) by :SMTPAUTH: with ESMTPSA id GDhklE8ngZK7AGDhllJa6h; Sat, 27 Feb 2021 21:29:17 -0700
X-CMAE-Analysis: v=2.4 cv=INzHtijG c=1 sm=1 tr=0 ts=603b1c1d a=A+brLe/toXe5fSjezY2Icw==:117 a=A+brLe/toXe5fSjezY2Icw==:17 a=IkcTkHD0fZMA:10 a=K6EGIJCdAAAA:8 a=7CQSdrXTAAAA:8 a=lKIKd7NtAAAA:8 a=48vgC7mUAAAA:8 a=bm9ZP5Y-9_NMZvrTlDMA:9 a=ZTnH1LZZIZxEnTVN:21 a=Y6C5cOar0milWW_w:21 a=QEXdDO2ut3YA:10 a=L6pVIi0Kn1GYQfi8-iRI:22 a=a-qgeE7W1pNrGK8U0ZQC:22 a=Q4nn7pJknIVYsolpXXmV:22 a=w1C3t2QeGrPiZgrLijVG:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <7b79459f-b766-d821-e549-7b3068760a10@sit.fraunhofer.de>
Date: Sat, 27 Feb 2021 21:29:15 -0700
Cc: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>, Simon Frost <Simon.Frost@arm.com>, Adrian Shaw <Adrian.Shaw@arm.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Content-Transfer-Encoding: quoted-printable
Message-Id: <31513B32-3CC6-4AE0-8C79-4A9078DEE3EE@island-resort.com>
References: <80F4DFAD-8A5D-44DC-BEDF-BA96B7F21991@arm.com> <D7AFAA80-B8EE-4657-8A81-71FE4F79E23B@island-resort.com> <CO1PR11MB51690D5D3D7EA17153C83EBAE5889@CO1PR11MB5169.namprd11.prod.outlook.com> <B549435F-1896-4A8D-A1FB-CE57567E824D@island-resort.com> <0CF448FE-B249-496E-B1A8-528B189DA16C@intel.com> <E386083F-DD06-452D-A6A7-6EEC0C79A1F8@island-resort.com> <DC3C69C6-4995-4050-B8E0-38057B321DE7@arm.com> <AC5754A8-1BC3-49E9-8B61-F7DA96BDDA99@island-resort.com> <79A5E862-B336-4B67-AE02-9E6F2E9375AC@arm.com> <B34C7BD7-6EE7-4948-911F-F1F92FAB3954@island-resort.com> <4473BF8F-2681-4F0B-8152-2194F23A12CE@arm.com> <7b79459f-b766-d821-e549-7b3068760a10@sit.fraunhofer.de>
To: "Smith, Ned" <ned.smith@intel.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-CMAE-Envelope: MS4xfFZGqIvQ2a7JqZRbS2yLFZN0+ZqxpdtgCq/H3CcvxZz7932RpY0kMiKdENDJ41luLXtsadvvojjptTPUZBUO/ttAZhWCdgJ17XwT6nnkhg4DUKg25OXa tumMEKdA2t4CdvYeN3wlyQ7prG3kYshwTT7NwOYEc1a11mPD+N0Yrho4OBm6h0z/pOV7r7KOCiPF2+aqnASXN6nAdjE3+pqGMDwt9/iyM7NBw1GeVqgLKqU1 aw6GkYG7bG2SzjforP3dFTEUpio/v2gkm0IQmSKj6d+xkfaNXWrQNsq1nllnCDyLnfb7VpRHkzvrLYUrOVDKUqpsvxDl5LhzTpDlAT61NruZwzDtiQvGU6W2 5Hj7zxf844tPlwBq7tQ17Ws0ToXSCrVlTkq/z+bjQszj+9Tlnjk=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/qq8H0cCbKj1-46a9XgO1AKbC__w>
Subject: Re: [Rats] IANA pre-RFC code points
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Feb 2021 04:29:22 -0000

OK. There’s a PR for OIDs and URIs now. It also does pre-assignment for the profile claim so it can be included. 

Ned, please advice on next step here.
 - Is Profile stable enough for reassignment?
 - If so, do we have to issue an -09 draft?

Please, no more request for claims for pre-assignment so we can get this done.

LL



> On Feb 17, 2021, at 3:06 AM, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
> 
> + 1 to:
> 
> * oids as a preferred choice (uri are fine but alas not very concise)
> * avoiding unstructured text (and inheriting that weirdness here)
> * avoiding more registries (not only because of more delay)
> 
> On 17.02.21 10:55, Thomas Fossati wrote:
>> Hi Laurence,
>> On 17/02/2021, 00:59, "Laurence Lundblade" <lgl@island-resort.com> wrote:
>>>> On Feb 16, 2021, at 5:44 PM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:
>>>> 
>>>> On 16/02/2021, 20:25, "Laurence Lundblade" <lgl@island-resort.com> wrote:
>>>>> Below...
>>>>> 
>>>>>> On Feb 16, 2021, at 11:10 AM, <Thomas.Fossati@arm.com> wrote:
>>>>>> 
>>>>>> On 16/02/2021, 17:43, <lgl@island-resort.com> wrote:
>>>>>>> 
>>>>>>> If we can agree that profiles are necessary and that a simple
>>>>>>> text string is good enough to name a profile, then we can put in
>>>>>>> in the pre-allocation.  We don't have to agree on the mechanism
>>>>>>> for defining profiles, just for naming them.
>>>>>> 
>>>>>> I think what is in -08 in terms of defining a profile is great.
>>>>>> 
>>>>>> I think we should just nail down the type and constraints around
>>>>>> the claim value.  The way it is now (i.e., plain, unstructured
>>>>>> tstr) creates an incentive to using short strings and therefore
>>>>>> increasing the chance of collisions, which is bad.
>>>>>> 
>>>>>> If we say:
>>>>>> ~~~
>>>>>> profile-claim = ( profile => $profile-type,)
>>>>>> 
>>>>>> $profile-type /= uri ; i.e., #6.32(tstr)
>>>>>> $profile-type /= oid ; draft-ietf-cbor-tags-oid
>>>>>> ~~~
>>>>>> 
>>>>>> We'd allow both human readable https://fidoalliance.org/profile/a,
>>>>>> as well as compact, machine readable 1.3.6.1.4.1.etc in a way that
>>>>>> prevents clashes.
>>>>>> 
>>>>>> I don't think it's crazy to expect the profile owner to also
>>>>>> control a DNS name and/or a PEN.
>>>>> 
>>>>> Yes, I was thinking we might want this to be a URI or such myself.
>>>>> Here’s several options:
>>>>> 
>>>>> 1) Make it string-or-uri like the JWT issuer, subject and audience
>>>>>    claims. Already well-established approach.
>>>>> 
>>>>> 2) Allow string, URI or OID. Most flexibility, but do we really
>>>>>    need OIDs?
>>>> 
>>>> I like OIDs because they are relatively compact and unambiguous.
>>>> They look like the CBOR-friendly equivalent of URIs.  They also
>>>> render well in JSON as strings in dotted notation.
>>> 
>>> I think a good very compact CBOR-friendly way would be to use a simple
>>> integer in some way.
>>> 
>>> One way to do that is to make an IANA registry for profiles with each
>>> entry:
>>>   - integer
>>>   - name
>>>   - URI
>> Yes, but we'd need another registry.  Going with URIs and OIDs (PENs)
>> would avoid the extra IANA round-trip.
>>> The profile claim in a token could be solely the integer value. Or it
>>> could be the URI or the text string.
>>> 
>>> I'd prefer that to more use of OIDs.
>> I am not married to any particular format, I am looking for one that can
>> effectively balance:
>> * compactness of representation
>> * minimal IANA impact
>> * collision avoidance of the identifiers
>>> The policy for the registry would be pretty loose. Just indicate the
>>> existence of some document somewhere. Maybe reserve the values less
>>> than 24 for profiles documents that are standards.
>>> 
>>> This seems pretty good to me, but I'm a bit worried about delaying the
>>> pre-allocation for it since it involves creating another IANA
>>> registry.
>> yep
>> cheers, t
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>> _______________________________________________
>> RATS mailing list
>> RATS@ietf.org
>> https://www.ietf.org/mailman/listinfo/rats