Re: [Rats] Easier changes summary (was Re: I-D Action: draft-ietf-rats-eat-13.txt)

"Smith, Ned" <ned.smith@intel.com> Tue, 24 May 2022 02:40 UTC


Thanks for the clarifications Laurence and Giri!
-Ned

From: RATS <rats-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Friday, May 20, 2022 at 5:12 PM
To: "rats@ietf.org" <rats@ietf.org>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Subject: [Rats] Easier changes summary (was Re: I-D Action: draft-ietf-rats-eat-13.txt)

Here’s an easier-to-read summary of important changes in the EAT -13 draft. Appreciate all the discussions that led to these useful changes.

How Claims in Evidence relates to Claim in Results
I believe the question about claims in Evidence and Results is resolved with this text: <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-13#section-1.4.1>. It basically says the RP needs to understand the Verifier’s policy for forwarding claims.

CDDL for JSON
The CDDL here works for both CBOR and JSON, including the nesting of CBOR tokens in JSON tokens and vice versa. It is only at the token boundary that encoding can switch.

Lots of CBOR and JSON examples are included and validated against the CDDL using the "cddl" tool. Most of the CDDL is common, but it wasn’t possible to make it all common with the way the current "cddl" tool works.

Removed UCCS and UJCS
There is a CDDL socket for where UCCS and UJCS plug in. I have validated that it works for what I think the UCCS CDDL will be. The UCCS standard document should specify that it plugs into this socket so it works correctly for nested tokens.

CoSWID and SUIT identified by CoAP Content Types
I switched to CoAP content types to identify CoSWID and SUIT for the manifest and swevidence claims because what was there before, CBOR tags, don’t work for JSON.

Improved SecLevel Claim
Just three levels now. Try to be clear it is only a simple and rough classification that requires no certification to claim.

Sort Claims into three subsections
The claims section is now divided into four for easier reading: 1) nonce, 2) claims about the entity, 3) claims about the token and 4) how to include keys. This was an outcome of the Evidence vs Results discussion.

SWResults -> Measurement-Results + revamp
Since more than SW can be measured (e.g., file system and config), this claim is renamed and revamped.

Nonce claim in JSON is same as CBOR nonce
EAT was using the already-defined JWT nonce claim, but in the process of validating all the JSON CDDL I noticed that it cannot support multiple nonces like the CBOR nonce.

LL
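As an added illustration of the last point (not code from the draft or from Laurence's message), here is verifier-side parsing of a JSON EAT nonce claim that accepts either a single value or an array of values, mirroring the CBOR form. The claim name "eat_nonce", the 8..64 byte size bounds and unpadded base64url encoding are assumptions taken from my reading of the draft; the sample claims sets are constructed.

```python
import base64
import binascii
import json

# Assumed values (my reading of the EAT draft; treat as assumptions):
# JSON claim name "eat_nonce", each nonce 8..64 bytes, unpadded base64url.
NONCE_CLAIM = "eat_nonce"
NONCE_MIN, NONCE_MAX = 8, 64


def _b64url_decode(s: str) -> bytes:
    """Decode one unpadded base64url nonce; reject padded or non-string input."""
    if not isinstance(s, str) or "=" in s:
        raise ValueError("nonce must be an unpadded base64url string")
    pad = "=" * (-len(s) % 4)
    try:
        return base64.urlsafe_b64decode(s + pad)
    except (binascii.Error, ValueError) as e:
        raise ValueError(f"bad base64url nonce: {e}") from e


def parse_eat_nonces(claims: dict) -> list[bytes]:
    """Return the token's nonces as a list of byte strings.

    Accepts a single base64url string or a non-empty array of them, the JSON
    analogue of CBOR's bstr-or-array-of-bstr. Any malformed or out-of-range
    nonce raises ValueError so a Verifier fails closed.
    """
    raw = claims.get(NONCE_CLAIM)
    if raw is None:
        raise ValueError("missing nonce claim")
    items = raw if isinstance(raw, list) else [raw]
    if not items:
        raise ValueError("nonce array must not be empty")
    nonces = []
    for item in items:
        n = _b64url_decode(item)
        if not NONCE_MIN <= len(n) <= NONCE_MAX:
            raise ValueError(f"nonce length {len(n)} outside {NONCE_MIN}..{NONCE_MAX}")
        nonces.append(n)
    return nonces


def verifier_nonce_matches(claims: dict, expected: bytes) -> bool:
    """True only if the Verifier's own freshness nonce is among the token's nonces."""
    try:
        return expected in parse_eat_nonces(claims)
    except ValueError:
        return False


# Constructed sample claims sets (signature handling omitted): bytes 00..07 and 08..19.
SINGLE = json.loads('{"eat_nonce": "AAECAwQFBgc"}')
MULTI = json.loads('{"eat_nonce": ["AAECAwQFBgc", "CAkKCwwNDg8QERIT"]}')
```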