IETF Logo Mail Archive

Re: [Rats] EAT Review Comments

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Mon, 13 December 2021 10:43 UTC

Return-Path: <jodonogh@qti.qualcomm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E7A3A0687 for <rats@ietfa.amsl.com>; Mon, 13 Dec 2021 02:43:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PprsqoRQGer2 for <rats@ietfa.amsl.com>; Mon, 13 Dec 2021 02:43:16 -0800 (PST)
Received: from esa.hc3962-90.iphmx.com (esa.hc3962-90.iphmx.com [216.71.140.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8A4E3A0766 for <rats@ietf.org>; Mon, 13 Dec 2021 02:43:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qccesdkim1; t=1639392190; x=1639996990; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=pXNJRvMb3aG6aHzkFzMs3JZY6FqP31mIA5PfseCJs8M=; b=qQB3DEdjrUbnHCEuSUpk/xLhP7WyX0/7iYwDIQdi7O64QepvQbLFX5hy eyiohMkqj9hCHBa8US7x3fePcCSdFv+7BmJIoV0tpo1tjNpiH2X8LPjsE rUo71ZVX86ibMjBx1f2a2/XgV+sB32W16itiDuEaAS9cHlkNzVs93pV5D Y=;
Received: from mail-bn8nam11lp2175.outbound.protection.outlook.com (HELO NAM11-BN8-obe.outbound.protection.outlook.com) ([104.47.58.175]) by ob1.hc3962-90.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2021 10:43:09 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ctp9H8ecm819rSfcjUEoSfbmRyww3j+BP3HipOQbhiKW/7EC4bdnPwhrKSY8Glx2EKSRPzlXCJr1ORbBiwciTyDzWvCOpd/QlpnDPnTzLuFgLLWznOzEc9PoWDWpQ+DL96HdRx9bP5m5mQ5q2Js0kQXJN9pVcUEalUZ7+95GoKKryKRGmqojCjyLnf6cfMI63Vl5ZgY95RN6091Lv4vsCEascM3kLnOLScLfwfw0f40Qr4M26TB6p3p1z9vHGCR/DbpZ5ttfs9Yx0wlv2GXsI5Zjxu05ToVMwimmFpvAInJTynn3vh6t//ckcEwtL5FoDC0Fda/qX9dtsANtP5lURQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pXNJRvMb3aG6aHzkFzMs3JZY6FqP31mIA5PfseCJs8M=; b=hT++bYzbshX81lMI2fz86cFV0bvPx8HHPkmCrK9rTn37co6KSJgF5vl5jgpRhMTRTuUB/GPMjkotLpk8rfeiAijQ4gf4VmB+3QUIdZNPb65f0MKfZ952Zg1+ZeeBHul64Sx6jcX8cqK4X1peUVToQJ274kqodkwK9ieBIprLD26tdpJaomPMsz23gsWSH4f1JiRiueiX4XXFfmkS7FlEEV2PkUC2Uob2KSt7ucQhCMIBiWdM/euiA76Ab76sY/+BEVUDzuHQvdIfsgYvGgiFLkLW1URAcMi3zDjlBZfawD8mzXz46dczh0BOt5a3MYkhNr3O/L8oMBV9I/Jvzovbpw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=qti.qualcomm.com; dmarc=pass action=none header.from=qti.qualcomm.com; dkim=pass header.d=qti.qualcomm.com; arc=none
Received: from PH0PR02MB7256.namprd02.prod.outlook.com (2603:10b6:510:1a::23) by PH0PR02MB7813.namprd02.prod.outlook.com (2603:10b6:510:53::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.14; Mon, 13 Dec 2021 10:43:01 +0000
Received: from PH0PR02MB7256.namprd02.prod.outlook.com ([fe80::9517:605d:f2c0:29cd]) by PH0PR02MB7256.namprd02.prod.outlook.com ([fe80::9517:605d:f2c0:29cd%5]) with mapi id 15.20.4778.018; Mon, 13 Dec 2021 10:43:01 +0000
From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Hannes Tschofenig <hannes.tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] EAT Review Comments
Thread-Index: AdfrXtD82TqKBMPPTvW26/ecfE3BXwAVcq+AAExCBMAALQl5AACcLdFf
Date: Mon, 13 Dec 2021 10:43:01 +0000
Message-ID: <PH0PR02MB72568A41395E3A5093FC53DEF2749@PH0PR02MB7256.namprd02.prod.outlook.com>
References: <DBBPR08MB59150EEE386E675005A52124FA6E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <B81765CF-8515-440B-A021-977FCD59D5E2@island-resort.com> <DBBPR08MB5915DD8BAA394E7D665E4C7DFA709@DBBPR08MB5915.eurprd08.prod.outlook.com> <7e8275a1-10ce-bff8-9252-8c0d32d3e395@sit.fraunhofer.de>
In-Reply-To: <7e8275a1-10ce-bff8-9252-8c0d32d3e395@sit.fraunhofer.de>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=qti.qualcomm.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 52067f1b-e8c8-49de-425f-08d9be2555c7
x-ms-traffictypediagnostic: PH0PR02MB7813:EE_
x-microsoft-antispam-prvs: <PH0PR02MB78130BB924E926E9E6ACD258F2749@PH0PR02MB7813.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: p6izQDHQpRdWOa5X1j9AfYXHHp24UpZgjy8Ef6FSliKoNm5IEfLYB3V/Co55oNuL3BSJMNJEjP3psSOvYEyaVrEhov6eO2JmWlx+AepLvwFJUlIMlaj6bR5WcG3aeOfHqa9xtG8do4UdjNMrPpdbHdHHcHcX1UUGMqhDNQ4oh1+v1vd9cLtw1+CPMedxG+ok8Qqz1RLyowQyNlOcv2zs4lklyPbULHF91th9aPXWJkoXJMGQ36rl1TCIKBksTvAohHjDK3c6IH8woxj1/c2Ai7VP4Oh44SHIQsB1M5P0ngJF159BLDKc27uHikZCaHMVrAB6zpoK3N7qKgqscXdHBNONxZw7SehKJzHWbr6VukRYWjaqNknO1AeSazRpV1vS8Oc70NBwUE44GrUgMzH6t73lH6mXxvuXEj1Mw3Bfz+cK2//gkPGFshTMhugwAVV7OsaVdooQZLwGpOkkfvzDUraBpDMn2gtsjClgYuKwsM8utAziy5WlmxroeN0vpTIwjQtRX1E72/VEvQwCdW3kEbWt8bI26SZVQXapPyKKhxnjV5tBLBcmCQTUeLBWk5Qmu0Wa+u8ufWJxWYHw3OBEywkjdaPERPGxkYWR0iean8+IgLkAh3KFU6fqpKNbu34jHaZ8PU90waVNPlt2MPuF2A0u3Ioq0XjtiBqzd1utsEo+38i9UvTg/MhVKJVbn/hpyXeTdVkmrHEU10EMdCtYUqw9lH2LYRzzplNN14Wnz3gdFUJ5CPLw6s84UBx9J0Ljg0sCRGuhFcC8JWrt0b3b+KD6ltqTyIRS66Bz/7uf+9M=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR02MB7256.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(966005)(26005)(508600001)(55016003)(4326008)(52536014)(66556008)(86362001)(8676002)(83380400001)(186003)(166002)(38070700005)(8936002)(110136005)(33656002)(66476007)(91956017)(71200400001)(66446008)(6506007)(53546011)(5660300002)(9686003)(64756008)(2906002)(76116006)(66946007)(38100700002)(7696005)(316002)(30864003)(122000001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: +zub+4ldg93GAX1DoGNfXX19yqc7s9R5Oc4iZqcBPQYLUKmheoP86kjuTvVJUTGPAjj/sRgKku6Dkoha5Dyuu2ii8Luq57g5lqo21QeqsOvmuae2eLKa/x21bfzeS6cV0N+f+1f/G5qldMnjQmCNUKjOjXTque+nw6cc713pd50sWzc4mBfIsu+oKn+JqvOlGFgQWFw+OjxT2uZSdvDxdgHWuMPc9LBPx5Z9yEmnQ92XuDNw82mFn4IReEbNLA6WTlFnivz5PXO5cAGKeB5f1nyDk9zMqdk99+d1lB7muu6uin4FUBjgFEcSXjthF5DF+W7ZhbtGIthuFzzyyH/WPcZ3UY4tYkpQwl2vL0FNlL+Kse4SEWQGYTesItcvL/kPJrTPy8yKC7+t/GYJUrYTJ+pYiyYkItj+j4MGJzNL2hcJeW9Hf5uaiD+NcnL1glVgUTMdQCa5X3TrC+NfhnYwpEyr0UGDjIJJDymbdB89n4APBnpvuXiAszuZ1DH2zWH4rX16IvsT+2SIuFLfW4LItoOSsPsbObtIzSbYgy2Kkuhh4T87/y/tFCwTRVcfpNAvboItn7K0/E+5OGWO6fFiemE6Y2MlM1tjb3rEoS4D/dvI4mIt9ZyoVTQ/tktbUP563MANFi76TXM/FfZN8+PeurIexVcnGjKZ1MAvNsv/iAgBAzhKAQ/goTgLSI1w0T9jszq0XmeCoA4eTodbvJjJ6jRuZVCfhvmWszAVbvf/EAgER2S3mLsRuNxKRwK9X7Vmdnj6dmkreTB3Cj7ewa0woyYfNJEsaiwurQVfMPQXjQJdOl7JVCsk8JYfBDVg2iGxy4NAzSoYmBXI1ISIQ1Qfea+0Ys0k8uYkieuM1I0Iw2ysZ3fFikH3gtlGrA8On0ghKcJZxJnflse+OrHbSWAf2LWE9IaB/Dfa1Vin1GRnJ+VS4QU0VTiDC/zoIE46bbyK8PYxxvbiwkq65DFdIUE+tBaqrOH5awAY633F2akqqsYUn2X/CjxKR5pIdA4izod9SunBvlzLCrvb6OGJlb7dPfWvXb4Z8syO2J0bJbBTRCZbzR6qedRRv0Ts/Dv585RcEH32QfF+eTXSiuG1ghFf5rg7xRPZpA9B7uYki/8DjcnbG6ICLnchg4L9PaSjt31RSt7Pnrdml0Km4SSzUGF4bpklHvbfvqTjj0ZS0Ww5YD3lZ+V4q96tUY1EhL9ppiIj3zjtHQoq0+LTTw5UqL/zYephR+LooPSXoeX52RsZdjmya6zNRJ0h0noVo1aVjqA6+RiFz+PEBILDuUlcJ3efVG8tHoPguSyCzy8/Ta624g+3dUV74k4cAtKRztEKtIVvPx4w9hOtcRJqYdMnHyO0bvu1YRYQ+WAbLfE7GMsWbqI+T5oaCkBDFJewtzrInw8laS04rWhcUdsCZ+yCPHm0PgnmkKKAa5a/UO8Rr+gWCafunowvoUxRZaaKoCjnlG7rP/q5gVZneu6qmDOcJTkMLOYBzgwn5XenkKd9UW71SFAd7qmgaKXIfW1MdJ1GDoOX9BtL+iBC13ephSBHblvSy3wbdX65sk7UKJM6IXx+WjaaiVQjq1/NHv8zirCZv5CP+zIAks9jmvZh6Y36oUh6NaAB2ohzM1ySZ57RibDeLAdOrVtpayGeoRjiGtiWRYsZ5piRY3ZRkom+37B944LUncEx+jJpOSmkqEvAaoXTOq0=
Content-Type: multipart/alternative; boundary="_000_PH0PR02MB72568A41395E3A5093FC53DEF2749PH0PR02MB7256namp_"
MIME-Version: 1.0
X-OriginatorOrg: qti.qualcomm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR02MB7256.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 52067f1b-e8c8-49de-425f-08d9be2555c7
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Dec 2021 10:43:01.0887 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 98e9ba89-e1a1-4e38-9007-8bdabc25de1d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pSaoyK25Cw1fRZlicLxr4Omv1S0ouebbmlv+DweKjJb4/j6ckZf5L0wImJlqc77SE47587g7IJ5ZlZJYCFaQXztpZ6ID/Ubvc7qUF+0K0qQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR02MB7813
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/x1EjxYKgT88zFgEiwIvqdF_S2Mk>
Subject: Re: [Rats] EAT Review Comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2021 10:43:21 -0000

Hi list,

My thoughts below

Best regards
Jeremy

On 10/12/2021, 07:45, "RATS" <rats-bounces@ietf.org> wrote:

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.

Hi Hannes & Laurence,
hi list,

a few essential comments in-line.


Viele Grüße,

Henk

On 09.12.21 11:45, Hannes Tschofenig wrote:
> Hi Laurence,
>
> Thanks for your quick response.
>
> A few responses below:
>
> -----Original Message-----
> From: Laurence Lundblade <lgl@island-resort.com>
> Sent: Tuesday, December 7, 2021 10:52 PM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Cc: rats@ietf.org
> Subject: Re: [Rats] EAT Review Comments
>
> First of all, I really appreciate the thorough reading. This is probably the first deep substantive set of comments ever made on EAT.
>
>
>> On Dec 7, 2021, at 3:49 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>>
>> Hi all,
>>
>> As promised, here are some high-level review comments, which are most important to us:
>>
>> - The document would benefit from a normative language. Think in the following way: What does a party creating a claim and a party verifying the claim have to do in order to ensure interoperability. Use SHOULDs and MAYs when you can give the reader a decision path.

As long as additional normative statements are in support of
deterministic and interoperable evidence generation and appraisal I am
all for that. I would like to carefully highlight that phrasing such
statements is a delicate procedure will cost additional time to get
aligned as WG consensus. In general, I see the necessity and in favor of
reviewing proposal for these.

>>
>> - Don't put comments into the CDDL since the same text is already in the draft. You are essentially putting the text in the document twice. This will reduce the size of the document.

Yes. Self-descriptive CDDL + English text for human readers outside the
CDDL elaborating on type semantics is the right direction.

>>
>> - Normative vs. informative references: If you need to read a specification as a developer in order to implement a listed claim then this reference is normative. For example, the location claim cannot be implemented without having to open the W3C geolocation API. Hence, that reference becomes normative.
>>
>> - Aim for consistent use of terminology. An example is the use of "entity", "entity/device", "device/entity", "entity/client device", "device entity", "entity or submod", "entity (typically a device)". In Section 1.4 you seem to suggest that "entity" is the right term. But throughout the text you mix the terms. The  EAT draft should adopt the terminology established in the architecture doc, which would be "attester" rather than "entity". Section 2 should import the vocabulary from the architecture document **by reference** and establish the aliasing "attester" = "entity" (and maybe = "device") by saying something along these lines: "attester and entity are used interchangeably in this document”.
>
> Agree about most of the above and will work through it.

It would be nice to have a review'able track of issues for each type of
inconsistency here. But speaking from experience that is the way how
Laurence works on the document for quite some while now (kudos), so I am
not worried by that, actually, still I felt the need to highlight that.

>
>>
>> - The spec is long and there is a lot of feature creep. This makes it appear very complex. I believe there are two reasons for this, namely (a) there is suddenly a lot of architectural discussion in this document. This is unnecessary given that there is a separate architecture document. There is no need to repeat the content here as well. Do you expect a reader to go through the architecture document before reading this document?
>
> OK. I will work to remove some of this.
>
> A few hints and examples of what to remove would be helpful.
>
> I already made one pass at removing text from EAT that was covered in RATS architecture.  (EAT -01 actually predates RATS architecture, so there was lots of stuff to remove).
>
> [Hannes] I can go through the document again and focus on identifying on what could be simplified.

Thanks Hannes. I'll review your input and cross-check the proposals.

>
>
>> (b) There are claims in this specification that may sound good but I wonder whether they are ready for prime time already. This document does not need to collect all claims that relate to attestation. Most likely there is not much experience implementing some of these claims either, which reduces the quality of the specification. Sometimes less is just more.

Personally, I was under the impression that the content of -08 was
already good enough.

My biggest point of concern is the scope creep into JWT.

EAT was intended to be a CWT (more on that detail below). The
implementation complexity of including JWT now is kind of mind-boggling.
I have been for a while and will continue to be in strong support of
moving JSON encoding related normative text out of the EAT core doucment
to supplemental EAT document.

Fundamentally, I am still opposed to EAT being a CWT. It allows to
include any kind of CWT claims from an increasingly growing CWT Claims
registry. I am allowed to include a nonce and a cnonce Claim
simultaneous due to that. Or simply mix an exi Claim in. How shall an
implementation act on that? That is a valid EAT composition. Is "ignore
what you do not understand" the strategy here? That is not a really
useful approach, if your goal is to establish an interoperable way to
assert trustworthiness. I'd very much prefer a better scoped usage
scenario for EAT for RATS by making an EAT something more specialized
than a CWT (on the CBOR tag level). Maybe someone can explain to my why
this is not an implementer's nightmare as I might miss something obvious
here.

>
> Definitely agree that less can be more.
>
> Top of my list of claims to remove are uptime and boot seed.
>
> The other claims have a strong purpose in my mind. They are necessary to describe the device and the attestation results.
>
> - Maybe the DLOA’s claim could be removed, but I think it is important for RP’s to be able to know about certification status in attestation results.

[JOD] -1 on removing DLOA claim – it would otherwise go into a GlobalPlatform profile anyway, but I see the applicability as being much broader than the GlobalPlatform ecosystem – it allows a claim about a 3rd party security certification (e.g. PSA Certified / SESIP L3) which can be hosted on any webserver.

>
> - The description of SW manifests and measurements is a bit difficult, but I’ve tried make use of the best things out there and be flexible / pluggable since it is a moving target.
>
> - The set of UEID/SUEID, HW OEM ID, HW Class and HW Version is what is necessary to identify HW.
>
> There is similar reasoning for the other claims.
>
> Which claims would you remove?
>
> [Hannes] I don't know the history of the DLOA and the SW manifests claim but I wonder whether people will use them in the near future.

As rule of a thumb, I'd simple prune anything that was added after -08.
Maybe we should go from that demarcation line, enumerate the Claim names
of everything that was added after and then see, if there are candidates
in that list that the WG is interested in keeping.

I am not saying to abandon the "pruned" Claims, but to put them into the
next document. All implementation that I know of are based on -08. I
don't want to sound over-confident here... maybe it's -09 effectively...
my point is: divide an conquer.

>
>>
>> - Unprotected CWT Claims Sets (UCCS): I see UCCS as an architectural aspect. Normally, the implications for the EAT spec should be quite small. The purpose of the EAT spec is to define claims that go into a CWT. EAT does not mandate a specific way to protect the claims (digital signature, MAC, encryption, etc.) then UCCS has not much implication besides a short mention in the security consideration section. Given that UCCS is a separate working group document we would remove Section 4 along with any reference to UJCS.
>
> There’s strong logic here:
> — RATS architecture explicitly calls out composite attestation — A submodule can be a nested EAT to implement composite attestation — A nested EAT can be a CWT, UCCS  or DEB — The CDDL that specifies a nested EAT submodule thus must mention UCCS
>
> So a UCCS is a claim that goes into a CWT. I think UCCS, particularly CDDL for UCCS, must be included because of this.
>
> [Hannes] I wonder whether everything in the RATS architecture should be covered in the EAT specification for several reasons:
> - First, the EAT spec becomes complex and harder to read.
> - Second, the RATS architecture enumerates everything that came into someone's mind or, as we later learned, can be patented.
> - Given the status of the industry with attestation I believe it will take a while to even get the basic functionality deployed. For more complex use cases it can easily take several years.
>

Yes. This. I am in strong support (+1) of moving UCCS implications
solely into the Security Consideration Section.

[JOD] There are arguments both ways, but I could live with this. It does mean we (UCCS editors) should accelerate progress towards publication of the UCCS draft.


>
>
> We decided a long time ago that EAT would support JSON in a normative way. The logic continues:

I am not so sure how the group consensus really looks like here. Maybe
this calls for a dedicated question to the list. Again, I am not talking
about abandoning the whole JSON nested in CBOR nested in JSON idea. I
just think as part of the EAT core document it is adding an
insurmountable amount of complexity that could severely hamper adoption
in the end.

[JOD] My view is that there are two distinct use-cases here:


  *   Attester conveying attestation evidence to a Verifier (likely to be CBOR in most cases)
  *   Verifier conveying results to a Relying Party (likely to be JSON in most cases)

I am not fully convinced that the complexity of allowing an EAT to be almost any arbitrary composition of JSON and CBOR components is really necessary, and maybe it is reasonable to require that an EAT is composed of either CBOR or JSON components. Doing otherwise has potential to make all components in the chain (Attester, Verifier, RP) quite complex, and I’m generally keen on simplicity.

However I do think the need for support of JSON by EAT is widely supported by the group

> — An EAT can be a JWT
> — EAT specifies claims that go into a JWT (and a CWT) — A submodule can be an  nested EAT — A submodule can then be a JWT in a CWT or a CWT in a JWT
>
> If we stay with the idea that EAT has normative support for JSON, then I believe the above logic holds and specification of the above is necessary.
>
> I don’t think we realized the implications of EAT formally supporting JSON/JWT in a normative way a few years back. I certainly didn’t. Trying to write and validate the CDDL for both JSON and CBOR, JWT and CWT brought it to light. Maybe it’s too much? What do people think about completely removing normative JSON support from EAT?
>
> [Hannes] JSON may be something that is support from the verifier to the relying party because those are probably HTTP-based API. I am wondering whether it would make sense to just have a CBOR-based encoding for the attester-produced EAT tokens. Then, the JSON-based functionality could be published in a companion document, if needed.

+1 for companion document, +1 for if needed.

[JOD] I would rather see document reach consensus and get published sooner – if removing JSON support helps this goal, and I think it does, I’m +1.


>
> Now on to UJCS. The decision on it can be separate from the above logical conclusion, partly because JWT has the (awkward) null algorithm mode.
>
> My main logic about UJCS is:
> — JSON is far more popular than CBOR
> — If there is reason to specify UCCS, then there is more reason to specify UJCS — This also lines up with EAT being used for attestation results, which are likely to be JSON.
>
> Maybe UJCS can be removed from EAT, but it seems like it should then exist somewhere else.
>
> There is still a logic and power in bringing all this highly related stuff (CWT, JWT, UCCS and UJCS) together especially when you try to write CDDL for it where individual claims can be JSON or CBOR and individual tokens can be JSON or CBOR. This goes back to composite devices described in RATS architecture.
>
> [Hannes] IMHO the UCCS functionality should be described in the UCCS draft. I doubt that JSON makes a sense for the community proposing it. I got the impression that this is something from the Smart Card/Secure Elements community and those would hopefully use CBOR rather than JSON.

+1

[JOD] There is a clear use-case for UCCS in the GlobalPlatform/Smartcard world. If it is not in the IETF document, GlobalPlatform would define it in a profile. We brought it to IETF because it seemed like there might be use-cases beyond GlobalPlatform.

+1 on JSON community can create UJCS , (+1) if required, when work on JSON EAT gets started.


>
>
> Ciao
> Hannes
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>

_______________________________________________
RATS mailing list
RATS@ietf.org
https://www.ietf.org/mailman/listinfo/rats

v2.39.1 | Report a Bug | By Email | System Status