Re: [Rats] Initiating WGLC for draft-ietf-rats-msg-wrap-03
Thomas Fossati <thomas.fossati@linaro.org> Thu, 08 February 2024 17:41 UTC
Return-Path: <thomas.fossati@linaro.org>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78EE6C14F70A for <rats@ietfa.amsl.com>; Thu, 8 Feb 2024 09:41:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jb8ZY-iFpLeE for <rats@ietfa.amsl.com>; Thu, 8 Feb 2024 09:41:06 -0800 (PST)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D1AC14F68F for <rats@ietf.org>; Thu, 8 Feb 2024 09:41:06 -0800 (PST)
Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2d066b532f0so1413221fa.1 for <rats@ietf.org>; Thu, 08 Feb 2024 09:41:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1707414065; x=1708018865; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Rk5JtxcSKqprfCVo2DkI3+BDQ6s4UEhdXyX0KWhZasE=; b=oeZoNQ35K8pyI1FTnekzhfcFnWzFO6MqiJe9dmHnGr/4TmHh+keF382AHZLKa1ECzl 9+X+B7i5Vx+QwIk+jTzvc0fhQB974nFBxxGaQsPTNfqPGyzgdU5mmjFb4onXXyFgG1SP gM2Np5zDlokrEeNMK/bxlJ8mvVNQdliUdKLHk6xIWm3v+ngQqohZQVVrrKTZ8a3BoqZy M+czPcVieSegXxh+PXxu0D4xjzLC7ou4n725GVOeTC2MH1OU4FX3U3KImJYrabw4pp4u l2Xe6tQJZ/fDQd9j70uEOkZE66XjmJqe6MboA9tL2dl+nbA5LWyc6O9rXbBoBrpNA3wH BHBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707414065; x=1708018865; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Rk5JtxcSKqprfCVo2DkI3+BDQ6s4UEhdXyX0KWhZasE=; b=YvblTMrSyLZSu272vCuL7NV3bJ4FXcmzZEmG5tqnKOdoyGO9YfNKkzP65rW7EtBR8v vv7x7RvUaiHSbkYSrQGyFX/xwvvF1m7rGha+xjAAA4n9lK21bxIcxk0IHZiPUBqI3wZ/ RUPiu3MTxVVmSY+BhTRorGNcEL6iUBzFgdsg9r6yS1Y6R5RlDCJrdwnNLG2X2ElQuAEK MUov1DtFoSGbDc8S0TxBEM8jQOZ/x4FmNowOLtuWqPeqMfygJKiPtYpwqDLpdKFfRZo7 yvPmuiLsk56+KW4hQ2U+Cr/N1pbDIoPO0LFkfbKpNVnPlVKSBzO6dBMAddgIolACaVVb Jzog==
X-Gm-Message-State: AOJu0YxkGmRF8aU+7x4VVXzKSxqarAQKLElMwgXjnzKBuBBHMgIAQivQ lP3QyNXOHraKi5/utEJ6YLXIb7qIGoH12VtmFLYIu7GgDYnO8ZrwDwDGz/s3bYd7sHyfNs7DT7t 9rh57UTI21U4P6+HjIQHq6fXbYIOaBuio1pLun20fYwEiWZWBNkY=
X-Google-Smtp-Source: AGHT+IGU0/K/FbVHhMdniHQ8o60lGwgcz71diZ4Gybcapjm82h8jK3SylvS22lWUlCh/WGELkXhufY4OhSvwDTJtv1g=
X-Received: by 2002:a2e:870a:0:b0:2d0:d336:d143 with SMTP id m10-20020a2e870a000000b002d0d336d143mr20213lji.52.1707414064654; Thu, 08 Feb 2024 09:41:04 -0800 (PST)
MIME-Version: 1.0
References: <30BF57B0-AAAE-422D-B9A1-C908E4792D44@redhoundsoftware.com>
In-Reply-To: <30BF57B0-AAAE-422D-B9A1-C908E4792D44@redhoundsoftware.com>
From: Thomas Fossati <thomas.fossati@linaro.org>
Date: Thu, 08 Feb 2024 18:40:48 +0100
Message-ID: <CA+1=6yerS5y2EpP3UF0085ZmW8fFED8AGQKNk9u6OoCWidObtQ@mail.gmail.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/xHYzB2MPSHW5yzgn_rgysPcK9gk>
Subject: Re: [Rats] Initiating WGLC for draft-ietf-rats-msg-wrap-03
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2024 17:41:10 -0000
Hi Carl, thanks a lot for the feedback. On Thu, 8 Feb 2024 at 12:16, Carl Wallace <carl@redhoundsoftware.com> wrote: > In section 5, it may be worth calling out that the encoded CMWCollection is encoded as an OCTET STRING as the extnValue field of this extension. Section 4.2 in RFC5280 makes this point but I’ve seen the outer OCTET STRING left out in a couple of attestation-related contexts. The pseudo code about removing “the ASN.1 OCTET STRING” in Section 3.3. could further this misimpression since there are two OCTET STRING layers wrapping a CBOR value. Maybe add something like: “The DER encoded CMWCollection is the value of the octet string for the extnValue field of the extension”. Awesome. Tracked here: https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/issues/64 > The security considerations section says that “messages themselves and their encoding ensure security protection.” This is not true for UCCS, which is part of the referenced EAT media type spec. You are of course right. Tracked here (alongside another security consideration): https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/issues/63 > I think this came up relative to the collections draft a while back but I forget how it was handled (and did not go looking just now). How would one encode artifacts that use different encoding types, i.e., a CBOR evidence and a JSON result? The collection concept is analogous to the submodules part of EAT, and that addresses the various nesting possibilities. Yes, Dionna started that conversation here: https://github.com/ietf-rats-wg/draft-ietf-rats-msg-wrap/issues/55 and we are trying to converge on some sort of "tunnelling" design cheers!
- [Rats] Initiating WGLC for draft-ietf-rats-msg-wr… Nancy Cam-Winget (ncamwing)
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… lgl island-resort.com
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Thomas Fossati
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Carl Wallace
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Thomas Fossati
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Russ Housley
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Thomas Fossati
- Re: [Rats] Initiating WGLC for draft-ietf-rats-ms… Thomas Fossati