Re: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)

"Smith, Ned" <ned.smith@intel.com> Thu, 07 September 2023 17:24 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-rats-eat@ietf.org" <draft-ietf-rats-eat@ietf.org>, "rats-chairs@ietf.org" <rats-chairs@ietf.org>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)
Thread-Index: AQHZ4YzIC/PoBCX74E6+6wTeBf7tibAPJ74A
Date: Thu, 07 Sep 2023 17:24:03 +0000
Message-ID: <0362104E-7D7D-4A22-B202-E147073D852D@intel.com>
References: <169409219358.34717.10637003445246332249@ietfa.amsl.com>
In-Reply-To: <169409219358.34717.10637003445246332249@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/tl7AzxLk2bqP86SLrbjiI8qCI6A>
Subject: Re: [Rats] Robert Wilton's Discuss on draft-ietf-rats-eat-21: (with DISCUSS and COMMENT)

BTW: [RATS.Architecture] is now RFC9334. Regardless of whether it is informative or normative, the reference should be updated.

I believe it is informative because RFC9334 is an informative RFC.

On 9/7/23, 6:11 AM, "RATS on behalf of Robert Wilton via Datatracker" <rats-bounces@ietf.org on behalf of noreply@ietf.org> wrote:


Robert Wilton has entered the following ballot position for
draft-ietf-rats-eat-21: Discuss


When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Hi,


Thanks for this document. Sorry, I didn't have time to review this document
that closely. I have flagged one issue for discussion to change the reference
to the architecture document to being a normative reference. This would mean a
downref, but should otherwise be an easy change to make. The rest of my
comments are non-blocking.


(1) p 71, sec 11.2. Informative References


[RATS.Architecture]
Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
W. Pan, "Remote ATtestation procedureS (RATS)
Architecture", Work in Progress, Internet-Draft, draft-
ietf-rats-architecture-22, 28 September 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-rats-architecture-22>.


"From section 1.3, EAT follows the operational model described in Figure 1 in
[RATS.Architecture].". This, along with other references indicates that the
RATS architecture should be a normative reference.




----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


(2) p 0, sec


An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
attestation-oriented claims.


This is probably contentious, but given that this is a new spec, I wonder
whether it wouldn't be better (i.e., encourage wider interop) if only CBOR,
COSE and CWT were used/allowed.


(3) p 20, sec 4.2.6. swname (Software Name) Claim


The "swname" claim contains a very simple free-form text value for
naming the software used by the entity. Intentionally, no general
rules or structure are set. This will make it unsuitable for use
cases that wish precise naming.


I found it interesting, and slightly surprising, that the hardware model claim
is opaque, but the software name claim is not.


(4) p 24, sec 4.2.11. uptime (Uptime) Claim


The "uptime" claim MUST contain a value that represents the number of
seconds that have elapsed since the entity or submodule was last
booted.


Relative to other claim descriptions, the MUST in this description seems
strange. Perhaps better as just "The "uptime" claim contains a value ..."


(5) p 88, sec Appendix B. UEID Design Rationale


A UEID is not a UUID [RFC4122] by conscious choice for the following
reasons.


Note that the UUID spec is currently being updated (it is also on this week's
telechat review), so some of the concerns being described here may no longer be
valid. It is still only 128 bits though, and 6 bits are spent identifying UUID
format and version.


(6) p 89, sec Appendix B. UEID Design Rationale


Note also that that a type 2 UEID (EUI/MAC) is only 7 bytes compared
to 16 for a UUID.


Note that the paragraph at the end of appendix B.1. states that UEIDs are a
minimum of 128 bits ...


Regards,
Rob

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats
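The size accounting behind comments (5) and (6) above, as an added example that is not part of the thread or of the EAT draft: a small checker that validates the type byte and body length of a UEID, reports how many bits actually identify the entity, and costs a UUID the same way. The UEID type table (0x01 RAND, 0x02 IEEE EUI, 0x03 IMEI, with the body lengths shown) is my reading of the EAT UEID definition and should be checked against the current draft text; the sample MAC, RAND body and UUID string are constructed values. It shows concretely why a 7-byte type 2 UEID cannot satisfy a blanket "minimum of 128 bits" statement, and why an RFC 4122 UUID only has 122 distinguishing bits.

```python
import uuid

# Assumed UEID type table (my reading of the EAT UEID definition, not text
# from this thread): type byte -> (name, allowed body lengths in bytes).
UEID_TYPES = {
    0x01: ("RAND", {16, 24, 32}),  # 128-, 192- or 256-bit random value
    0x02: ("IEEE-EUI", {6, 8}),    # EUI-48 (MAC address) or EUI-64
    0x03: ("IMEI", {14}),          # 14 decimal digits, one ASCII byte each
}

UUID_VERSION_BITS = 4   # "version" nibble in the third group
UUID_VARIANT_BITS = 2   # RFC 4122 variant marker "10"


def check_ueid(ueid: bytes) -> dict:
    """Validate the type byte and body length of a UEID.

    Returns the type name, the total length and the number of bits that
    actually identify the entity (everything after the type byte).
    Raises ValueError for a malformed UEID.
    """
    if len(ueid) < 2:
        raise ValueError("UEID needs a type byte followed by a body")
    type_byte, body = ueid[0], ueid[1:]
    if type_byte not in UEID_TYPES:
        raise ValueError(f"unknown UEID type 0x{type_byte:02x}")
    name, allowed = UEID_TYPES[type_byte]
    if len(body) not in allowed:
        raise ValueError(
            f"{name} UEID body must be one of {sorted(allowed)} bytes, got {len(body)}"
        )
    if name == "IMEI" and not body.isdigit():
        raise ValueError("IMEI UEID body must be ASCII decimal digits")
    return {"type": name, "total_bytes": len(ueid), "id_bits": len(body) * 8}


def is_valid_ueid(ueid: bytes) -> bool:
    """Boolean wrapper around check_ueid for callers that only need yes/no."""
    try:
        check_ueid(ueid)
        return True
    except ValueError:
        return False


def uuid_identifier_bits(text: str) -> int:
    """Bits of a UUID that distinguish one identifier from another.

    A 128-bit RFC 4122 UUID spends 4 bits on the version field and 2 bits on
    the variant field, leaving 122 bits of payload; other variants reserve
    different amounts, so only the RFC 4122 case is costed here.
    """
    u = uuid.UUID(text)
    if u.variant != uuid.RFC_4122:
        raise ValueError(f"unsupported UUID variant: {u.variant}")
    return 128 - UUID_VERSION_BITS - UUID_VARIANT_BITS


def meets_minimum(ueid: bytes, minimum_bits: int = 128) -> bool:
    """Does this UEID carry at least `minimum_bits` of identifying data?"""
    return check_ueid(ueid)["id_bits"] >= minimum_bits


if __name__ == "__main__":
    # Constructed sample values: a locally administered MAC, a zero RAND body
    # and a version-4 UUID string.
    mac_ueid = bytes([0x02]) + bytes.fromhex("0200a1b2c3d4")
    rand_ueid = bytes([0x01]) + bytes(16)
    sample_uuid = "123e4567-e89b-42d3-a456-426614174000"
    print(check_ueid(mac_ueid), meets_minimum(mac_ueid))    # 7 bytes, 48 bits, False
    print(check_ueid(rand_ueid), meets_minimum(rand_ueid))  # 17 bytes, 128 bits, True
    print(uuid_identifier_bits(sample_uuid))                # 122
```

The point the checker makes explicit is that the "minimum of 128 bits" guarantee can only hold per type: a RAND UEID carries at least 128 identifying bits, but an EUI-48-based type 2 UEID carries 48, so a verifier that needs collision resistance has to look at the type byte rather than assume a uniform floor.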