Re: [Rats] CWT and JWT are good enough?
"Eric Voit (evoit)" <evoit@cisco.com> Thu, 19 September 2019 19:32 UTC
Return-Path: <evoit@cisco.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 113E11200BA for <rats@ietfa.amsl.com>; Thu, 19 Sep 2019 12:32:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=hoaNBrmI; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=PEfJ7yph
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tDdfa-uC1uOJ for <rats@ietfa.amsl.com>; Thu, 19 Sep 2019 12:32:52 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B6A01200F8 for <rats@ietf.org>; Thu, 19 Sep 2019 12:32:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6045; q=dns/txt; s=iport; t=1568921572; x=1570131172; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=/biHJ90pum1QICHoMPK1JkrIx1x9QTOAzaHcPlWaTDw=; b=hoaNBrmIkpDKiF2MCv7QZFH0r03c1avBZ60Yu1zKIzZA3teC1RMr/F4a mxjto+jLvwY7ICNHBzDNNJBUAFqLFc1wYx/ysxmGdjGl0+WrnasdkW1QA a8IM6vDgD/eoFQA2v8PTV+ECRvpjsTIcpwULfU9yJ/csqVt0B99RzrRgM Y=;
X-Files: smime.p7s : 3975
IronPort-PHdr: 9a23:Gj6v9BBIbGT7rSrOUcoUUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qg93kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMfkuHwQAld1QmgUhBMCfDkiuIeDtbjASF8VZX1gj9Ha+YgBY
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AvAQDS1oNd/5pdJa1mHQEBBQEHBQGBUwgBCwGBRFADbVYgBAsqCodfA4RShipNmgKBLoEkA1QCBwEBAQkDAQEYCwoCAQGDP4EAAoMDIzQJDgIDCQEBBAEBAQIBBQRthS0BC4VLAgQBARAuAQEsDA8CAQhGAiULJQIEEwgGFIMBgR1NAx0BAgyiNwKBOIhhgiWCfQEBBYUJGIIQBwMGgTQBgVCKOBiBQD+BEUaCHi4+gmEBAYFjgzuCJpYElwYKgiKDQYIujzSCJgGWfItBglWZEQIEAgQFAg4BAQWBUjiBWHAVO4JsUBAUgU6DcoUUhT9zgSmOKgGBIgEB
X-IronPort-AV: E=Sophos;i="5.64,524,1559520000"; d="p7s'?scan'208";a="335523945"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 Sep 2019 19:32:51 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x8JJWp29014120 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <rats@ietf.org>; Thu, 19 Sep 2019 19:32:51 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 14:32:50 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 19 Sep 2019 15:32:46 -0400
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 19 Sep 2019 14:32:46 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q+a9u5BUdSmY4FXlERV1Y5BDYZm9b14aT3s8RvVXEXYf/7d24rrpOr4XVZYJhk1Q+y9fgVyQf/A2xj4519RFdC600Q3xBRezPes/VTOiW3IE7Bl/MMm1RktmGC0vqPTDZQJXzc7H3SoNGMoEK/OH7O6lAnMri1IVAGUM76UmK1XihwwAD3b2485n5R4tNRMCHpVHv0rvqDmzLHOpNDvBbCv7cijfGRpSBTkdofZN6PvnYCrpa8fYECCPVdQVEDvxEWEYq56RJb5ozMmx1KUghY+HYkSVR/veFo+wnQj6QUJkr01iv1uZTC9aPpkEUZZAYRyHwslOZM8gyui0mYj1PA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hEnjfTImfIPC/NPVIzYhPSfu0beXpuuM6vFRQBgRPks=; b=kM0LLh2GfKs9pxDmHevRmDNDBKJ0QeNtLWyo6hW7OySgnJSqlkeYgzB7klzaq9HjkNdNaGNVev1af6zDjO7Tr5yrRt67CVaXUbaPIn6BqfTSb4Jr9VUnc/A6c+zkmG5+JL2L1S1dQeW6dExrewdgHLQDP0dcgKgG28f4LrP4at8AwY1X4+mqW2SKGNUF5VkAKmyWconkjS2N9yHcIUzZfq+veqSd99ZJdvt3/2Vy3V+fpN7HIecdOP7Kps0eYTdMJ3/15D5KIRjYFVgnQh26I/JmXX5+/ppp/oVhXIowYylEd6zOjD2tIfK3kCaGtBculLjcxTHZWKdK8krUgRUfzA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hEnjfTImfIPC/NPVIzYhPSfu0beXpuuM6vFRQBgRPks=; b=PEfJ7yphHGCE+syyQyvzh6Lr+y6huOAF3SdfRiICdjvmhwyAEgXHOHAgvQNdO98VVdEkT8Bz0KYEBNRtLiUwer1DIiLh5yYx2S2f3Kka6bhK1REnGut8Ug61zGkfzddMaBaFtjzZ8Gr0LfhnsMWQKFjH5OD30oKgrxyB7joQzQ8=
Received: from BN7PR11MB2627.namprd11.prod.outlook.com (52.135.255.31) by BN7PR11MB2675.namprd11.prod.outlook.com (52.135.253.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.26; Thu, 19 Sep 2019 19:32:45 +0000
Received: from BN7PR11MB2627.namprd11.prod.outlook.com ([fe80::61c6:4b6d:cf6c:f095]) by BN7PR11MB2627.namprd11.prod.outlook.com ([fe80::61c6:4b6d:cf6c:f095%3]) with mapi id 15.20.2284.009; Thu, 19 Sep 2019 19:32:45 +0000
From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] CWT and JWT are good enough?
Thread-Index: AQHVbRaC40/AmRUAgEq1s1ZgVaQM7KcvyGcAgAOeAiA=
Date: Thu, 19 Sep 2019 19:32:45 +0000
Message-ID: <BN7PR11MB2627F332B31BEEBA8E323D1FA1890@BN7PR11MB2627.namprd11.prod.outlook.com>
References: <CDC992AE-B6DB-4BAE-975F-6E2BF9ED2C97@island-resort.com> <CAHbuEH4fisaDTKOzEY2ZEfxiVyfZ4wYibdRzQUYxq4i8a8G_WQ@mail.gmail.com> <7EA14733-B470-4365-B4FA-FF2B63695464@island-resort.com> <30242.1568655684@localhost> <VI1PR08MB5360F2D6930190A12F754B6AFA8C0@VI1PR08MB5360.eurprd08.prod.outlook.com> <D41D72B8-7580-4599-982D-FC9EE00DC8DA@island-resort.com> <MN2PR00MB057612F252470B616DBE3D66F58F0@MN2PR00MB0576.namprd00.prod.outlook.com> <97E66C05-7683-470F-82D1-239BA9F179BC@akamai.com>
In-Reply-To: <97E66C05-7683-470F-82D1-239BA9F179BC@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=evoit@cisco.com;
x-originating-ip: [173.38.117.66]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9bad4b50-4029-4b59-428d-08d73d3825d0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(49563074)(7193020); SRVR:BN7PR11MB2675;
x-ms-traffictypediagnostic: BN7PR11MB2675:
x-microsoft-antispam-prvs: <BN7PR11MB267571C11C7E6089641D77FFA1890@BN7PR11MB2675.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:483;
x-forefront-prvs: 016572D96D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(396003)(346002)(136003)(39860400002)(189003)(199004)(66066001)(9686003)(66446008)(64756008)(229853002)(2501003)(5640700003)(71190400001)(81166006)(55016002)(558084003)(966005)(66476007)(6436002)(76116006)(8676002)(71200400001)(316002)(6116002)(478600001)(66946007)(66556008)(6246003)(66616009)(8936002)(1730700003)(52536014)(6306002)(186003)(476003)(7696005)(99286004)(81156014)(6506007)(3846002)(6916009)(256004)(26005)(76176011)(102836004)(86362001)(25786009)(2351001)(14454004)(486006)(7736002)(305945005)(5660300002)(2906002)(446003)(74316002)(33656002)(99936001)(11346002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2675; H:BN7PR11MB2627.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: qumxtX8pOqFcxZ0kKnmbUIabjKEGZgrB0mTd+dr2iaHRP5akvF6hYSDFIcP8/cuz7YWNysrsGPtHO2HIIrZhN1svUg3OGjUawH3ObmrSsEBJJlKCjxWHhoTQzmTFTO4y8gLoBztijYnRjNDwSyEkXBrheoNLofS+lEuw0moaV6DdI3+cJY3JNGtfcFb9igbSfaUX0hxE/P31ifzRZoEeynFfCGA1dbpDjUC3/gdPc1XFj4d6KwlM43IOuwVoWD0Inkhpr3bxuP+bXTYc+WPve3LLcshn7c/nHQib1ohjz4t07AIk1lBKmYkHfiMF9UhI7ymqJFzmwhArwjt+YJ+n/vnf/x1DfkAyAW6jMV+4XHxvHcqX3mQ34dZm+ZilbCG+/79W+Vmwrn++f3bPo+rl2+t6R7+ykyN5A07KqDmNfa0=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0B44_01D56EFF.793B1A50"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 9bad4b50-4029-4b59-428d-08d73d3825d0
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 19:32:45.6513 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: P74TZ4p60vYqvReFQa56W7JEMWx9fdceKDgXtRCgPzzTAobBaJECJYeWl9hRLugZ
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2675
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/rBO9nSwx61yqbgZZczPURSoc_GQ>
Subject: Re: [Rats] CWT and JWT are good enough?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 19:32:55 -0000
And another +1 > > +1 for EAT claims being Specification Required. > > +2 :) > > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats
- [Rats] CWT and JWT are good enough? Laurence Lundblade
- Re: [Rats] CWT and JWT are good enough? Kathleen Moriarty
- Re: [Rats] CWT and JWT are good enough? Anders Rundgren
- Re: [Rats] CWT and JWT are good enough? Laurence Lundblade
- Re: [Rats] CWT and JWT are good enough? Laurence Lundblade
- Re: [Rats] CWT and JWT are good enough? Anders Rundgren
- Re: [Rats] CWT and JWT are good enough? Anders Rundgren
- Re: [Rats] CWT and JWT are good enough? Michael Richardson
- Re: [Rats] CWT and JWT are good enough? Giridhar Mandyam
- Re: [Rats] CWT and JWT are good enough? Anders Rundgren
- Re: [Rats] CWT and JWT are good enough? Giridhar Mandyam
- Re: [Rats] CWT and JWT are good enough? Hannes Tschofenig
- Re: [Rats] CWT and JWT are good enough? Laurence Lundblade
- Re: [Rats] CWT and JWT are good enough? Anders Rundgren
- Re: [Rats] CWT and JWT are good enough? Mike Jones
- Re: [Rats] CWT and JWT are good enough? Hannes Tschofenig
- Re: [Rats] CWT and JWT are good enough? Salz, Rich
- Re: [Rats] CWT and JWT are good enough? Michael Richardson
- Re: [Rats] CWT and JWT are good enough? Hannes Tschofenig
- Re: [Rats] CWT and JWT are good enough? Eric Voit (evoit)