Re: [Rats] eat-claims definition
Laurence Lundblade <lgl@island-resort.com> Fri, 06 November 2020 18:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/rVyIhLY8-xHukl9oUkfbooFYZOU>

I think you are right and we should change to:

    eat-claims = {
        ? ueid-claim,
        ? nonce-claim,
        ...

LL

> On Nov 6, 2020, at 5:02 AM, Thomas Fossati <tho.ietf@gmail.com> wrote:
>
> Hi Laurence, all,
>
> I'm giving the latest EAT version a go and I got slightly puzzled by the
> fact that the CDDL seems to allow claim duplication (at least
> theoretically):
>
> ~~~
> eat-claims = { ; the top-level payload that is signed using COSE or JOSE
>     * claim
> }
>
> claim = (
>     ueid-claim //
>     nonce-claim //
>     origination-claim //
>     oemid-claim //
>     security-level-claim //
>     secure-boot-claim //
>     debug-disable-claim //
>     location-claim //
>     age-claim //
>     uptime-claim //
>     submods-part //
>     cwt-claim //
>     ; generic-claim-type //
> )
> ~~~
>
> Now, CBOR does not allow duplicate keys in a map, and that is re-stated
> in Section 4.4.1 of EAT - BTW, I guess a ref to 7049 should be enough,
> rather than duplicating text?
>
> With JSON the situation is slightly more nuanced (8259 a "names SHOULD
> be unique"), but still it makes total sense to avoid duplicates if one
> wants to maximise interop across different stacks.
>
> Besides, if we aim at isomorphism between serialisation formats we need
> to go for the LCD here.
>
> So, wouldn't something like:
>
> ~~~
> eat-claims = {
>     ? ueid-claim,
>     ? nonce-claim,
>     ...
> }
> ~~~
>
> more precisely describe what we actually want?
>
> cheers!
> --
> Thomas
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>
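
The duplicate-claim concern raised in this thread, seen from the receiving side: an added example (not part of the original messages or of the EAT draft) of a relying party that refuses a claims-set with a repeated key instead of letting the parser pick a winner. The function names, the JSON member name "nonce" and the integer key 1 in the CBOR sample are assumptions made for illustration; the CBOR decoder is a reduced sketch that covers integers, strings and maps only.

```python
import json

def _no_dup_pairs(pairs):
    names = [name for name, _ in pairs]
    if len(set(names)) != len(names):
        raise ValueError("duplicate JSON member name")
    return dict(pairs)

def load_json_claims(text):
    return json.loads(text, object_pairs_hook=_no_dup_pairs)

def _head(buf, i):  # returns (major type, argument, next offset)
    if i >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info < 24:
        return major, info, i + 1
    n = 1 << (info - 24)
    if info > 27 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated CBOR head")
    return major, int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _item(buf, i):
    """Decode ints, strings and maps only; reject repeated map keys."""
    major, arg, i = _head(buf, i)
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3) and i + arg <= len(buf):
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major == 5:
        claims = {}
        for _ in range(arg):
            key, i = _item(buf, i)
            if isinstance(key, dict) or key in claims:
                raise ValueError(f"map or duplicate CBOR key {key!r}")
            claims[key], i = _item(buf, i)
        return claims, i
    raise ValueError("truncated input or CBOR type outside this sketch")

def load_cbor_claims(data):
    claims, end = _item(data, 0)
    if end != len(data) or not isinstance(claims, dict):
        raise ValueError("expected exactly one CBOR map")
    return claims

# Constructed samples: "nonce" repeated in JSON; placeholder key 1 repeated in CBOR.
DUP_JSON = '{"nonce": "AAAA", "nonce": "BBBB"}'
DUP_CBOR = bytes.fromhex("a20141aa0141bb")
```

Python's stock `json.loads(DUP_JSON)` accepts the sample and keeps the last value, which is the cross-stack ambiguity the stricter loaders remove.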