Re: [sacm] Usage of CWT Discussion

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 19 November 2019 08:49 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 19 Nov 2019 03:49:03 -0500
Message-ID: <CAHbuEH4_VHOwR12kd9VeWtZuQZt-NAOuXv6GrO_pizGaArFT3w@mail.gmail.com>
To: Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/VoT5DloWsb3RkYadkFQWLq9288s>
Subject: Re: [sacm] Usage of CWT Discussion

Thanks, Tony.

The use case I was interested in with this would be that the originator of
the software provided their signature over the CoSWID value using an EAT.
This could be interesting to reuse a format that is likely to be widely
used, just for the signature verification and use of nested packages
(verify the expected private key was used to sign the CoSWID).  You'd just
be verifying the signature as being from the originator and perhaps some
other claims may get added around the security testing or provenance.

Best regards,
Kathleen

On Tue, Nov 19, 2019 at 2:28 AM Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org> wrote:

> The pre-defined optional claims are there so that profiles that want to
> use them can when they make sense. There is no requirement that profiles
> use any of the pre-defined claims. SACM can register their own entirely new
> set of claims in the IANA CWT Claims registry at
> https://www.iana.org/assignments/cwt/cwt.xhtml if they choose to. Or they
> can use some standard claims and some profile-defined claims.
>
> So I see no reason not to just support CWT with the existing claims you
> have and register them as CWT claims.