Re: [Rats] IANA pre-RFC code points

"Smith, Ned" <ned.smith@intel.com> Tue, 16 February 2021 16:44 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Laurence Lundblade <lgl@island-resort.com>
CC: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>, Adrian Shaw <Adrian.Shaw@arm.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Simon Frost <Simon.Frost@arm.com>
Thread-Topic: [Rats] IANA pre-RFC code points
Date: Tue, 16 Feb 2021 16:44:35 +0000
Message-ID: <0CF448FE-B249-496E-B1A8-528B189DA16C@intel.com>
References: <80F4DFAD-8A5D-44DC-BEDF-BA96B7F21991@arm.com> <D7AFAA80-B8EE-4657-8A81-71FE4F79E23B@island-resort.com> <CO1PR11MB51690D5D3D7EA17153C83EBAE5889@CO1PR11MB5169.namprd11.prod.outlook.com> <B549435F-1896-4A8D-A1FB-CE57567E824D@island-resort.com>
In-Reply-To: <B549435F-1896-4A8D-A1FB-CE57567E824D@island-resort.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/yLWWoLlBLpIudC-bFwj4E4C-y5o>

Is it the intent of this spec to define a machine readable format for stating the 12 ‘things’ the profile should specify?
What, if any, convention addresses profile name collisions? If vendor-A uses profile name “A” and vendor-B also uses “A”, is that considered either a security problem or an interoperability problem?
-Ned

From: Laurence Lundblade <lgl@island-resort.com>
Date: Monday, February 15, 2021 at 12:36 PM
To: "Smith, Ned" <ned.smith@intel.com>
Cc: Thomas Fossati <Thomas.Fossati@arm.com>, "rats@ietf.org" <rats@ietf.org>, Adrian Shaw <Adrian.Shaw@arm.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Simon Frost <Simon.Frost@arm.com>
Subject: Re: [Rats] IANA pre-RFC code points

They are largely complementary mechanisms.  Maybe you could call the IANA claims registry the palette of colors and a profile the painting.

The IANA claims registry describes lots of different claims. Some implementations will use one set of them, other implementations will use others. Some will use proprietary claims that are not in the registry. This however doesn’t give much guarantee of interoperability between an Attester and Verifier.

A profile says which claims are in use for a given use case. It says which claims are prohibited, which are required and which are optional. It should be complete enough to give full interoperability for a use case.

A profile also says which crypto, which serialization format and such to use so that interoperability can be achieved. There are 12 separate things that a profile should specify (e.g., required claims, prohibited claims, JSON/CBOR, algorithms, CBOR serialization, endorsement identification…). Take a look at the text here: <https://tools.ietf.org/html/draft-ietf-rats-eat-08#section-5>.

LL
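As an added illustration of the profile idea Laurence describes (not code from the thread, the EAT draft, or any of the projects mentioned): a verifier-side check of a decoded token's claim set against a profile that lists required, prohibited and optional claims, the serialization format and the permitted signing algorithms. The profile name "example-profile-v1", the claim names and the sample tokens are all constructed for this example.

```python
# Added example: checking a token against a hypothetical EAT-style profile.
# Profile fields mirror the items listed in the message (required,
# prohibited and optional claims, serialization, algorithms). All names
# and values below are constructed and are not from any real profile.
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    name: str                 # value the token's "profile" claim must carry
    serialization: str        # "cbor" or "json"
    algorithms: frozenset     # COSE/JOSE algorithm names allowed by the profile
    required: frozenset       # claims that must be present
    prohibited: frozenset     # claims that must not appear
    optional: frozenset       # claims permitted but not required


def check_against_profile(profile, claims, serialization, alg):
    """Return a list of interoperability problems (empty list = conforms).
    claims: dict of claim name -> value as decoded from the token."""
    problems = []
    if claims.get("profile") != profile.name:
        problems.append("token does not declare profile %r" % profile.name)
    if serialization != profile.serialization:
        problems.append("serialization %r is not %r" % (serialization, profile.serialization))
    if alg not in profile.algorithms:
        problems.append("algorithm %r not allowed by profile" % alg)
    present = set(claims)
    for c in sorted(profile.required - present):
        problems.append("required claim %r missing" % c)
    for c in sorted(profile.prohibited & present):
        problems.append("prohibited claim %r present" % c)
    # The profile is meant to be complete for its use case, so a claim it
    # never mentions is flagged rather than silently passed through.
    for c in sorted(present - profile.required - profile.optional - profile.prohibited):
        problems.append("claim %r not covered by profile" % c)
    return problems


# Constructed profile for illustration only.
EXAMPLE_PROFILE = Profile(
    name="example-profile-v1", serialization="cbor",
    algorithms=frozenset({"ES256", "EdDSA"}),
    required=frozenset({"profile", "nonce", "ueid"}),
    prohibited=frozenset({"location"}),
    optional=frozenset({"hardware-version"}),
)


def conforms(claims, serialization="cbor", alg="ES256"):
    return not check_against_profile(EXAMPLE_PROFILE, claims, serialization, alg)
```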




On Feb 15, 2021, at 12:36 PM, Smith, Ned <ned.smith@intel.com> wrote:

The topic of how vendor specific data should be handled has been brought up in the past. The conversation seemed to reach consensus by using the CWT/JWT existing mechanisms for vendor specific tags. Maybe someone should summarize how the profile mechanism compares to CWT/JWT vendor specific mechanisms?

Ned Smith - Intel - ned.smith@intel.com

________________________________________
From: Laurence Lundblade <lgl@island-resort.com>
Sent: Saturday, February 13, 2021 3:00 PM
To: Thomas Fossati
Cc: Smith, Ned; rats@ietf.org; Adrian Shaw; Hannes Tschofenig; Simon Frost
Subject: Re: [Rats] IANA pre-RFC code points

Profiles are only in EAT drafts from the last month so they haven’t had much review or discussion. That makes them different from the other claims for which pre-assignment is requested. I don’t think I have even presented them in detail in any meetings. So personally I am kind of on the fence about this.

A thorough reading and commenting by folks other than Arm would get me off the fence.

Happy to hear what the chairs think too.

LL


On Feb 12, 2021, at 11:14 AM, Thomas Fossati <Thomas.Fossati@arm.com> wrote:

It'd be extremely useful to us if the "profile" claim could be added to
the list of early assignments.

That way the PSA token would just use the standard code point assigned
to "profile" to create the context to interpret the rest of the private
PSA claims - which means we would not need to make any further request
to IANA.

Hopefully it is not too late to ask :-)

Cheers!