Re: [Rats] EAT Profiles

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 16 September 2022 15:37 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>
Date: Fri, 16 Sep 2022 15:36:46 +0000
Message-ID: <DBBPR08MB5915AC23726BF997EB9E44C4FA489@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <71934.1663019954@dooku>
In-Reply-To: <71934.1663019954@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/sS1nPzogzFYGq1iLhGlEe_LuTd0>
Subject: Re: [Rats] EAT Profiles
List-Id: Remote ATtestation procedureS <rats.ietf.org>

Hi Michael,

I do not see a problem with the EAT profile in the TEEP specification.
I also have no problem with the EAT specification defining a list of items to think about when creating such a profile.
I am fine with having EAT leave options for profiles.

A few minor issues:

* Would it be useful to reference profiles by number (rather than URLs)? Probably so.
* Is it OK that the TEEP profile of EAT does not mandate certain claims? Maybe it should do so, but this would be a topic to discuss in TEEP not in RATS.

Ciao
Hannes

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Monday, September 12, 2022 11:59 PM
To: rats@ietf.org
Subject: [Rats] EAT Profiles


I read through the EAT profile for TEEP.  Dave posted the link at:

https://www.ietf.org/archive/id/draft-ietf-teep-protocol-10.html#name-eat-profile

Let me reproduce some of it:

> profile-label: The profile-label for this specification is the URI
> https://datatracker.ietf.org/doc/html/draft-ietf-teep-protocol-10. (RFC-editor:
> upon RFC publication, replace string with
> "https://www.rfc-editor.org/info/rfcXXXX" where XXXX is the RFC number
> of this document.)

First, this really feels wrong to use a string here for a constrained object.
My first suggestion is that it be an FCFS registry.

Second, the next bunch of items:

> Use of JSON, CBOR, or both: CBOR only.
> CBOR Map and Array Encoding: Only definite length arrays and maps.
> CBOR String Encoding: Only definite-length strings are allowed.
> CBOR Preferred Serialization: Encoders must use preferred
> serialization, and decoders need not accept non-preferred serialization.
> COSE/JOSE Protection: See Section 8.
> Detached EAT Bundle Support: DEB use is permitted.
> Verification Key Identification: COSE Key ID (kid) is used, where the
> key ID is the hash of a public key (where the public key may be used
> as a raw public key, or in a certificate).
> CBOR Tags: CBOR Tags are not used.

I really don't like that EAT has not made a clear judgement on these things
already. I'd really really like EAT to be far more opinionated.

The above list looks like it will be 95% of CBOR-based EAT "profiles".
Could EAT just write this down, and give it a name?
That way, we can have well-tested libraries that do the right thing here.
I think that really this is where Eliot is coming from.
EAT is all a la carte, and we are asking for a coordinated, three course set-menu.
(Please pair the wine with the fish.)

> Endorsement Identification: Optional, but semantics are the same as in
> Verification Key Identification.

I guess I have to read more about what this means, as it told me nothing :-)

> Freshness: See Section 9.

It's totally reasonable that TEEP would have some specific freshness requirements.

> Required Claims: None.
> Prohibited Claims: None.
> Additional Claims: Optional claims are those listed in Section 4.3.1.

This totally surprises me.  Are you saying that it's okay for TEEP evidence
to have *NO CLAIMS*?   Surely that can't be right.    If there was anything I
expected to see in a profile it would be a list of required claims.

> Refined Claim Definition: None.

This is part of what worries me.  There should never be any semantics changes between profiles for claims.

> Manifests and Software Evidence Claims: The sw-name claim for a
> Trusted Component holds the URI of the SUIT manifest for that component.

Okay, this is actually important.



--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
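
The CBOR encoding rules in the quoted TEEP profile list (definite lengths only, preferred serialization, no tags) can be checked on the raw bytes before any claim is parsed. The following is an added example, not part of the original messages or of any EAT or TEEP implementation; the function names and sample byte strings are constructed for illustration, and shortest-form checking of floats is not covered.

```python
class ProfileViolation(ValueError):
    """Input breaks one of the profile's encoding rules."""

_ARG_LEN = {24: 1, 25: 2, 26: 4, 27: 8}                    # additional info -> argument bytes
_MIN_FOR_LEN = {1: 24, 2: 1 << 8, 4: 1 << 16, 8: 1 << 32}  # smallest value needing that width

def _check_item(buf, pos, depth=0):
    """Validate one data item at pos; return the offset just past it."""
    if depth > 32:
        raise ProfileViolation("nesting too deep")
    if pos >= len(buf):
        raise ProfileViolation("truncated input")
    major, ai = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 6:
        raise ProfileViolation("CBOR tags are not used")
    if ai > 27:                               # 31 = indefinite/break, 28..30 = reserved
        raise ProfileViolation("indefinite length or reserved encoding not allowed")
    arg = ai
    if ai >= 24:
        n = _ARG_LEN[ai]
        if pos + n > len(buf):
            raise ProfileViolation("truncated argument")
        arg = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if major != 7 and arg < _MIN_FOR_LEN[n]:
            raise ProfileViolation("non-preferred integer or length encoding")
    if major in (2, 3):                       # byte/text string: skip payload
        if pos + arg > len(buf):
            raise ProfileViolation("truncated string")
        return pos + arg
    if major in (4, 5):                       # array: arg items; map: arg key/value pairs
        for _ in range(arg * (2 if major == 5 else 1)):
            pos = _check_item(buf, pos, depth + 1)
    return pos                                # ints, simple values, floats end here

def check_profile_encoding(buf):
    """Return None if buf is exactly one conforming item, else the reason it fails."""
    try:
        end = _check_item(bytes(buf), 0)
    except ProfileViolation as e:
        return str(e)
    return None if end == len(buf) else "trailing bytes after item"

# Constructed sample inputs (not taken from any real token)
OK_MAP = bytes.fromhex("a20a420102190100626f6b")   # {10: h'0102', 256: "ok"}
INDEFINITE = bytes.fromhex("bf0a01ff")             # indefinite-length map
TAGGED = bytes.fromhex("c11a63229a00")             # tag 1 wrapping an integer
OVERLONG = bytes.fromhex("180a")                   # 10 encoded in two bytes
```

A decoder that runs this check first can reject non-conforming input with a specific reason instead of relying on whatever a general-purpose CBOR library happens to accept.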


