IETF Logo Mail Archive

Re: [sacm] [Rats] CoSWID and EAT and CWT

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 22 November 2019 18:27 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB2BC120096; Fri, 22 Nov 2019 10:27:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.997
X-Spam-Level:
X-Spam-Status: No, score=-0.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OmV4wsbPlqd; Fri, 22 Nov 2019 10:27:31 -0800 (PST)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBE9412004F; Fri, 22 Nov 2019 10:27:30 -0800 (PST)
Received: by mail-oi1-x22d.google.com with SMTP id l20so7319825oie.10; Fri, 22 Nov 2019 10:27:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ACRYRSFaq33uUhELKClxGpNSiBU3gcO1TGnaysLekM0=; b=AP6pHGXyBJISgjHe2UHvTVx8/iACld5HWZv6AKUxj06f7hs8/9g2GimW5g44L2M6km BKA5hwZeMn7aC8rIcuGF7dfmV6/Bi+VP6NiYkptxAGsKl7jDjQgzCV9YfxLNiwbwzykX EpAE0chPcIy3sTWxPi6wb6Q4V8PNuJDnGzzHv9essoTaLpYtBZbyJk7iSodEpQAw8s10 Ja8Vx0NMf3CcrwG6EdZMYZv15i1YIJZTuIj4LlJ3Org8kHJxYw/TM/gybsOC07DTp9l6 RbJI8zSkacMjFPVwkN9NgW/l5SO6Z132KvsHp9+wKi2a8mlsbcApK1jLaXApEEzInff0 1COA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ACRYRSFaq33uUhELKClxGpNSiBU3gcO1TGnaysLekM0=; b=Z042UL1wrBSyFri0CxVn7GQ/k4EMiF3X6oZgiCvG6PAYtNYT2bKbE1ENUPzYLbIz5/ PNgdWchyr2y4OgfWj+bQBIni0JPp93xSZnJaDdi8RRd6X6rncu/Ms7bA5lYMZ3Um/S3h DlIPde9Rd4d1/Q9I5T/RipdZsx9frpYRhCbfGNrcarG0UyvcwEuTsLGktR1Pgryh8/3E Ga2qe1b5d41KGoghEgiEl3z6pGBIQJ/xHkpEYm+Mw+fmI9XfdfBCC58FWGHs4f/h2Xye e9z4rFL1eEx+Y81wPrVuysBOIyQmrRZBVY+bk4z4eu5hq4fLtJXg2m1X66Uzx6JQfX5X 9q7Q==
X-Gm-Message-State: APjAAAVqbLzHu5pj6teDtInHEBPaYQmGuDtsJd6I/FbumDf7wnA3LWDe u8/HdyIaNMsSn3ogzzbVeaGEl7I7IO/oE1FLZfQ=
X-Google-Smtp-Source: APXvYqxGZpgZxDE3+pBBTPNWuQeN/i6Ldbb03B8584atj5M22EVz24EuvALpmNTYYdX8I+KSaXxAMIbGmfenENIyOfs=
X-Received: by 2002:aca:3044:: with SMTP id w65mr9876535oiw.158.1574447250070; Fri, 22 Nov 2019 10:27:30 -0800 (PST)
MIME-Version: 1.0
References: <BN7PR09MB2819D797B89183218BEFA823F04E0@BN7PR09MB2819.namprd09.prod.outlook.com> <922EA164-FB96-4245-A46C-6520809E6311@gmail.com> <01f09bc9-bd79-89da-243d-cd766f297a5b@sit.fraunhofer.de>
In-Reply-To: <01f09bc9-bd79-89da-243d-cd766f297a5b@sit.fraunhofer.de>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 22 Nov 2019 13:26:54 -0500
Message-ID: <CAHbuEH7uEjYK8obQ78B4paaB426Xrhuh+E7SJGsXNi_cRDYYAg@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "rats@ietf.org" <rats@ietf.org>, Ira McDonald <blueroofmusic@gmail.com>, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com>, "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000ee1220597f391cd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/34YzFRhR6tfqL84qjem0CsnRy7U>
Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2019 18:27:33 -0000

Hi Henk,

I am not entirely following you, so I am not stating agreement yet.

On Fri, Nov 22, 2019 at 12:06 PM Henk Birkholz <
henk.birkholz@sit.fraunhofer.de> wrote:

> Hi Kathleen,
> hi SACM, SUIT & RATS list,
>
> the corresponding *SWID authors discussed this issue and are proposing:
>
> > https://github.com/ietf-rats-wg/eat/issues/46
>
> This includes an extended scope to include the option of SUIT Manifest
> related Claim values, next to various *SWID Claim values. We permutated
> "signed" & "not-signed" as well as "payload tags" and "evidence tags"
> for *SWID tags in this proposal. The authors are convinced that the
> "not-signed" variants are of essence (as CWT does not allow "not-signed
> CBOR items", but also do not imply any implications to the SUIT Manifest
> Claim definition (although there are strong similarities and there could
> be some).
>

Can you write the above again?  Are you saying this in terms of a CWT?
Wouldn't the claims and the text value in a CWT be represented as-is, then
signed, so you'd get what you are saying is needed?

>
> The current *SWID contributors prefer this contribution as a parallel
> effort to the EAT I-D, SUIT Manifest I-D, the CoSWID I-D and existing
> ISO XML SWID standard. This proposal includes the primitive to not delay
> corresponding IETG I-D in their respective WGs.
>

Are you saying you don't want to add text stating the use of a CWT is a
possible alternative, as that is what was requested.  I offered to write a
separate document to put the CoSWID in a CWT in SACM as I think that's the
right home, referencing EAT work.

>
> Having said that, we would like to get feedback for the proposal
> references above.
>
> If there is no dissent or push-back on either the SUIT, SACM, and RATS
> lists, our proposed way forward is a unified creation of EAT Claim Sets
> in the RATS WG that enables the use of various *SWID variants & the SUIT
> Manifest as payloads for RATS via the RATS EAT I-D.
>

I think this should be in SACM.  And I've offered to help.  I do think that
a little text saying it's possible should be in the CoSWID draft and will
provide that soon as not to delay progress of the CoSWID document.

Best regards,
Kathleen

>
> In summary, we would like to create this interop I-D in concert and
> welcome every joint effort in this domain.
>
> Viele Grüße,
>
> Henk
>
> On 21.11.19 12:37, Kathleen Moriarty wrote:
> >
> >
> > Sent from my mobile device
> >
> >> On Nov 20, 2019, at 11:29 PM, Waltermire, David A. (Fed)
> >> <david.waltermire@nist.gov> wrote:
> >>
> >> 
> >> It sounds like having a CWT claim that contains an entire CoSWID is a
> >> path forward. It may also make sense to do something similar for ISO
> >> SWID tags.
> >>
> >> Am I right in thinking that this CWT work can be done in RATS,
> >> referencing CoSWID once it is published as a normative reference? This
> >> would allow CoSWID to go forward to the IESG, while the CoSWID CWT
> >> claim is worked in parallel in RATS.
> >>
> >> Kathleen, if this is true, does this way forward address your
> >> CWT-related comments?
> >
> > Hi Dave,
> >
> > I think the signature may have to be on the CWT as opposed to on the
> > claim that is the CoSWID or SWID.  We can define it fully in another
> > draft, but should state it here so that option is understood.  It’s a
> > simple write up, I think.
> >
> > Thank you,
> > Kathleen
> >>
> >> Regards,
> >> Dave
> >>
> >>
> >>
> >>
> >>
> >> ------------------------------------------------------------------------
> >> *From:* sacm <sacm-bounces@ietf.org> on behalf of Kathleen Moriarty
> >> <kathleen.moriarty.ietf@gmail.com>
> >> *Sent:* Wednesday, November 20, 2019 9:10 PM
> >> *To:* Ira McDonald <blueroofmusic@gmail.com>
> >> *Cc:* rats@ietf.org <rats@ietf.org>; sacm <sacm@ietf.org>; Laurence
> >> Lundblade <lgl@island-resort.com>
> >> *Subject:* Re: [sacm] [Rats] CoSWID and EAT and CWT
> >> Great, thanks Laurence.  If that's easier I think having the CoSWID in
> >> one claim should be ok and would have the same result as the
> >> suggestion I made.  Changing the CoSWID format is a big enough process
> >> that it shouldn't happen very often.
> >>
> >> Best regards,
> >> Kathleen
> >>
> >> On Wed, Nov 20, 2019 at 8:00 PM Ira McDonald <blueroofmusic@gmail.com
> >> <mailto:blueroofmusic@gmail.com>> wrote:
> >>
> >>     Hi Laurence,
> >>
> >>     That seems like a good suggestion for a simple way to integrate
> >>     CoSWID content
> >>     into EAT.
> >>
> >>     Cheers,
> >>     - Ira
> >>
> >>     Ira McDonald (Musician / Software Architect)
> >>     Co-Chair - TCG Trusted Mobility Solutions WG
> >>     Co-Chair - TCG Metadata Access Protocol SG
> >>     Chair - Linux Foundation Open Printing WG
> >>     Secretary - IEEE-ISTO Printer Working Group
> >>     Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
> >>     IETF Designated Expert - IPP & Printer MIB
> >>     Blue Roof Music / High North Inc
> >>     http://sites.google.com/site/blueroofmusic
> >>     <
> https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsites.google.com%2Fsite%2Fblueroofmusic&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C92a2dcbadd8d47661b9608d76e282847%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637098991070417006&sdata=GDIVVIesvqqXnuU6TtLbK7GJ4eI1b1EcYSPoXsHlj04%3D&reserved=0
> >
> >>     http://sites.google.com/site/highnorthinc
> >>     <https://gcc01.safelinks.protection..
> outlook.com/?url=http%3A%2F%2Fsites.google.com%2Fsite%2Fhighnorthinc&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C92a2dcbadd8d47661b9608d76e282847%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637098991070417006&sdata=7z%2BoMcYSSFD8hAYHmELqNoyGAxTBE9gknbV6kAzKWX8%3D&reserved=0
> >
> >>     mailto: blueroofmusic@gmail.com <mailto:blueroofmusic@gmail.com>
> >>     PO Box 221  Grand Marais, MI 49839  906-494-2434
> >>
> >>
> >>
> >>     On Wed, Nov 20, 2019 at 7:35 PM Laurence Lundblade
> >>     <lgl@island-resort.com <mailto:lgl@island-resort.com>> wrote:
> >>
> >>         Hi,
> >>
> >>         I’m not on the SACM list, but did look at the archive.
> >>         Hopefully I’m not out of sync.
> >>
> >>         My thought is to register one claim for CWT that is an entire
> >>         CoSWID (in CDDL the concise-swid-tag).
> >>
> >>         That way CoSWID can grow and develop on its own without lots
> >>         of adds and subtracts to the CWT registry. It has its own IANA
> >>         registry with its own experts and such. Seems like the
> >>         coupling / factoring is about right.
> >>
> >>         This would also be the way I’d like to have it in EAT
> >>         attestation. We’ve done a mini version of this with the
> >>         location claim
> >>         <
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-rats-eat-01%23section-3.8&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C92a2dcbadd8d47661b9608d76e282847%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637098991070426961&sdata=%2Fhi008Am2dlY6tBQHdPVVGZzEcWNmqd5MvgPOM14jE8%3D&reserved=0
> >.
> >>
> >>         Then if you just want to sign a CoSWID CWT style, this works
> >>         pretty well too. It has a slight overhead compared to having
> >>         all the CoSWID data items as direct CWT claims in that it will
> >>         have an additional map layer, but that is only about three
> bytes.
> >>
> >>         LL
> >>
> >>         _______________________________________________
> >>         RATS mailing list
> >>         RATS@ietf.org <mailto:RATS@ietf.org>
> >>         https://www.ietf.org/mailman/listinfo/rats
> >>         <
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Frats&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C92a2dcbadd8d47661b9608d76e282847%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637098991070426961&sdata=fdpXMIU%2BNkMSn3RJ4X5AsSuMU7pbokHXltsX8ZYP9E0%3D&reserved=0
> >
> >>
> >>     _______________________________________________
> >>     sacm mailing list
> >>     sacm@ietf.org <mailto:sacm@ietf.org>
> >>     https://www.ietf.org/mailman/listinfo/sacm
> >>     <
> https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsacm&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C92a2dcbadd8d47661b9608d76e282847%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637098991070436893&sdata=okSPAqVHj9KBxPtViQdnffsfhlMF4t0%2F87PXXY78fA0%3D&reserved=0
> >
> >>
> >>
> >>
> >> --
> >>
> >> Best regards,
> >> Kathleen
> >
> > _______________________________________________
> > sacm mailing list
> > sacm@ietf.org
> > https://www.ietf.org/mailman/listinfo/sacm
> >
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email