Re: [sacm] [Rats] CoSWID and EAT and CWT

Thomas Fossati <Thomas.Fossati@arm.com> Tue, 26 November 2019 23:51 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>, "sacm@ietf.org" <sacm@ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>
Date: Tue, 26 Nov 2019 23:51:20 +0000
Message-ID: <60C4E362-02FD-4DDF-BFB4-D09D358282D4@arm.com>
References: <2A12D8A3-722A-44D1-8011-218C89C8B50B@island-resort.com> <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR08MB5360236E3583EBD3A78085EDFA490@VI1PR08MB5360.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/KfSpKI7J29JGg96Xo5drNE0-VcQ>
Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT

Hi Hannes,

On 22/11/2019, 00:08, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
> Hi all
>
> Can someone send around an example of how this would actually look?

For something such as TF-M, it should look like this:

{
  / tag-id, globally unique identifier for the software component /
  0: "trustedfirmware.org/TF-M",

  / tag-version (here: 0, i.e. initial tag) /
  12: 0,

  / software component name /
  1: "TF-M",

  / version of the software component /
  13: "1.0.0-rc1+build.123",

  / (optional) version scheme (here: semver) /
  14: 16384,

  / entity, i.e. organizations responsible for producing or releasing
    the software component /
  2: {
    / entity name /
    31: "Linaro Limited",

    / entity role (here: software creator) /
    33: 2,

    / thumbprint of the entity public key (hash algorithm -- here SHA-256 -- and value) /
    34: [
      1,
      h'5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b'
    ]
  },

  / payload /
  6: {
    / filesystem item (name and hash) /
    17: {
      24: "tfm.bin",
      7: [
        1,
        h'4a039f284d8ad68ca5b4d1592977c7c964c4abb5d08d87e4a0346b80cce5c74d'
      ]
    }
  }
}

At least this would be my interpretation of the CoSWID draft.  I'm a bit
unsure whether a "filesystem" item is the most appropriate payload for a
firmware thingy.  Surely Henk can suggest something better.

Cheers!
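As an added illustration (not part of the message above), this builds the same TF-M tag as Python data, encodes it to CBOR with a minimal hand-rolled encoder for the CoSWID subset used (unsigned ints, text, bytes, arrays, maps), and shows the check a verifier performs on the payload: recomputing the file hash over the image and comparing it against the hash-entry. The firmware bytes are constructed, so the payload hash differs from the one in the message; the thumbprint value is taken from the message.

```python
import hashlib
import hmac

SHA256 = 1  # hash-alg-id 1 = SHA-256 (IANA "Named Information" hash algorithm registry)

def cbor(v):
    """Encode the CoSWID subset used here: unsigned int, str, bytes, list, dict.
    Map keys keep insertion order; CoSWID does not require canonical ordering."""
    def head(major, n):
        if n < 24:
            return bytes([major << 5 | n])
        for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
            if n < 1 << (8 * size):
                return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
        raise ValueError("integer too large for CBOR")
    if isinstance(v, int) and not isinstance(v, bool):
        if v < 0:
            raise ValueError("CoSWID index/enum values here are unsigned")
        return head(0, v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return head(3, len(b)) + b
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(cbor(x) for x in v)
    if isinstance(v, dict):
        return head(5, len(v)) + b"".join(cbor(k) + cbor(x) for k, x in v.items())
    raise TypeError(f"unsupported type {type(v).__name__}")

# Constructed stand-in for tfm.bin; not a real TF-M image.
FIRMWARE = b"\x7fELF constructed TF-M image for the example\n"
ENTITY_THUMBPRINT = bytes.fromhex("5e73c2e6a96be594e56b218418a3ea03f1397934a2517d781855195fe3c5916b")

def tfm_coswid(image: bytes) -> dict:
    """Same keys as the tag in the message; the file hash is computed from `image`."""
    return {
        0: "trustedfirmware.org/TF-M",          # tag-id
        12: 0,                                   # tag-version
        1: "TF-M",                               # software-name
        13: "1.0.0-rc1+build.123",               # software-version
        14: 16384,                               # version-scheme: semver
        2: {31: "Linaro Limited",                # entity-name
            33: 2,                               # role: software-creator
            34: [SHA256, ENTITY_THUMBPRINT]},    # thumbprint hash-entry
        6: {17: {24: "tfm.bin",                  # payload -> file -> fs-name
                 7: [SHA256, hashlib.sha256(image).digest()]}},  # file hash-entry
    }

def verify_file_hash(tag: dict, image: bytes) -> bool:
    """Verifier side: the payload hash-entry must be SHA-256 over the measured image."""
    alg, digest = tag[6][17][7]
    if alg != SHA256 or len(digest) != 32:
        return False
    return hmac.compare_digest(hashlib.sha256(image).digest(), digest)
```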