Re: [sacm] [Rats] CoSWID and EAT and CWT
"Smith, Ned" <ned.smith@intel.com> Thu, 21 November 2019 17:01 UTC
Return-Path: <ned.smith@intel.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05BE7120B44; Thu, 21 Nov 2019 09:01:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.097
X-Spam-Level:
X-Spam-Status: No, score=-4.097 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QP0L6PNZlmMf; Thu, 21 Nov 2019 09:01:50 -0800 (PST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0693A12084B; Thu, 21 Nov 2019 09:01:50 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Nov 2019 09:01:49 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,226,1571727600"; d="scan'208,217";a="381797242"
Received: from orsmsx104.amr.corp.intel.com ([10.22.225.131]) by orsmga005.jf.intel.com with ESMTP; 21 Nov 2019 09:01:49 -0800
Received: from orsmsx153.amr.corp.intel.com (10.22.226.247) by ORSMSX104.amr.corp.intel.com (10.22.225.131) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 21 Nov 2019 09:01:49 -0800
Received: from orsmsx109.amr.corp.intel.com ([169.254.11.161]) by ORSMSX153.amr.corp.intel.com ([169.254.12.169]) with mapi id 14.03.0439.000; Thu, 21 Nov 2019 09:01:49 -0800
From: "Smith, Ned" <ned.smith@intel.com>
To: "Waltermire, David A. (Fed)" <david.waltermire=40nist.gov@dmarc.ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
CC: "rats@ietf.org" <rats@ietf.org>, Ira McDonald <blueroofmusic@gmail.com>, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com>
Thread-Topic: [Rats] [sacm] CoSWID and EAT and CWT
Thread-Index: AQHVoG8Mmfd0MJQUgU+DKiylINck/aeV2dmA
Date: Thu, 21 Nov 2019 17:01:48 +0000
Message-ID: <CFA72C1A-3DEE-40D0-862E-EC0B512F733B@intel.com>
References: <BN7PR09MB2819D797B89183218BEFA823F04E0@BN7PR09MB2819.namprd09.prod.outlook.com> <922EA164-FB96-4245-A46C-6520809E6311@gmail.com> <5r0dnrkillm4odhp4it9ejl8.1574342669212@email.android.com>
In-Reply-To: <5r0dnrkillm4odhp4it9ejl8.1574342669212@email.android.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1f.0.191110
x-originating-ip: [10.255.231.167]
Content-Type: multipart/alternative; boundary="_000_CFA72C1A3DEE40D0862EEC0B512F733Bintelcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/bfqtJ4D5N4NqvRr6cQuG45ao4yQ>
Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 17:01:53 -0000
I think there are two conversations that could make sense (1) definition of a software integrity claim that can be asserted by an Attester as Evidence; (2) definition of a software integrity claim that can be asserted by an Endorser (aka supply chain entity) as Endorsement. In (1) there is interest in an EAT token definition that likely will result in a JWT/CWT realization and signature. Possibly it makes sense to include an unsigned CoSWID / SWID structure inside a JWT/CWT or it makes sense to deviate from the JWT/CWT realization but keep the information and data model claims definition but allow use of CoSWID native signatures. In (2) this is technically out of scope for RATS. However, it could result in a CoSWID / SWID structure using the built in signature method. It isn’t known yet if a token (CWT/JWT) realization makes sense for Endorsers. From: RATS <rats-bounces@ietf.org> on behalf of "Waltermire, David A. (Fed)" <david.waltermire=40nist.gov@dmarc.ietf.org> Date: Thursday, November 21, 2019 at 5:24 AM To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Cc: "rats@ietf.org" <rats@ietf.org>, Ira McDonald <blueroofmusic@gmail.com>, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com> Subject: Re: [Rats] [sacm] CoSWID and EAT and CWT Ok. Can you send some text? Thanks, Dave -------- Original Message -------- From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Date: Thu, November 21, 2019 7:38 PM +0800 To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov> CC: Ira McDonald <blueroofmusic@gmail.com>, rats@ietf.org, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com> Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT Sent from my mobile device On Nov 20, 2019, at 11:29 PM, Waltermire, David A. (Fed) <david.waltermire@nist.gov> wrote: It sounds like having a CWT claim that contains an entire CoSWID is a path forward. It may also make sense to do something similar for ISO SWID tags. Am I right in thinking that this CWT work can be done in RATS, referencing CoSWID once it is published as a normative reference? This would allow CoSWID to go forward to the IESG, while the CoSWID CWT claim is worked in parallel in RATS. Kathleen, if this is true, does this way forward address your CWT-related comments? Hi Dave, I think the signature may have to be on the CWT as opposed to on the claim that is the CoSWID or SWID. We can define it fully in another draft, but should state it here so that option is understood. It’s a simple write up, I think. Thank you, Kathleen Regards, Dave ________________________________ From: sacm <sacm-bounces@ietf.org> on behalf of Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sent: Wednesday, November 20, 2019 9:10 PM To: Ira McDonald <blueroofmusic@gmail.com> Cc: rats@ietf.org <rats@ietf.org>; sacm <sacm@ietf.org>; Laurence Lundblade <lgl@island-resort.com> Subject: Re: [sacm] [Rats] CoSWID and EAT and CWT Great, thanks Laurence. If that's easier I think having the CoSWID in one claim should be ok and would have the same result as the suggestion I made. Changing the CoSWID format is a big enough process that it shouldn't happen very often. Best regards, Kathleen On Wed, Nov 20, 2019 at 8:00 PM Ira McDonald <blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com>> wrote: Hi Laurence, That seems like a good suggestion for a simple way to integrate CoSWID content into EAT. Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Co-Chair - TCG Metadata Access Protocol SG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsites.google.com%2Fsite%2Fblueroofmusic&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C85a323f673924389c45e08d76e7745e5%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637099330879448050&sdata=HNKKsYDUx5jZoxujKDqJicqUBZ9oe9mxXcTjJ1JlhHM%3D&reserved=0> http://sites.google.com/site/highnorthinc<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsites.google.com%2Fsite%2Fhighnorthinc&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C85a323f673924389c45e08d76e7745e5%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637099330879448050&sdata=PPUqVo1NgGXTgtO10NkLvTHqh5OEqfAeoObWvguIzwY%3D&reserved=0> mailto: blueroofmusic@gmail.com<mailto:blueroofmusic@gmail.com> PO Box 221 Grand Marais, MI 49839 906-494-2434 On Wed, Nov 20, 2019 at 7:35 PM Laurence Lundblade <lgl@island-resort.com<mailto:lgl@island-resort.com>> wrote: Hi, I’m not on the SACM list, but did look at the archive. Hopefully I’m not out of sync. My thought is to register one claim for CWT that is an entire CoSWID (in CDDL the concise-swid-tag). That way CoSWID can grow and develop on its own without lots of adds and subtracts to the CWT registry. It has its own IANA registry with its own experts and such. Seems like the coupling / factoring is about right. This would also be the way I’d like to have it in EAT attestation. We’ve done a mini version of this with the location claim<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-rats-eat-01%23section-3.8&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C85a323f673924389c45e08d76e7745e5%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637099330879458044&sdata=ssqf1hrDm3bHXDTpewMd%2BhxK9Yh7mNDfmJH%2B9Lk8JsM%3D&reserved=0>. Then if you just want to sign a CoSWID CWT style, this works pretty well too. It has a slight overhead compared to having all the CoSWID data items as direct CWT claims in that it will have an additional map layer, but that is only about three bytes. LL _______________________________________________ RATS mailing list RATS@ietf.org<mailto:RATS@ietf.org> https://www.ietf.org/mailman/listinfo/rats<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Frats&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C85a323f673924389c45e08d76e7745e5%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637099330879458044&sdata=K4z%2BpZK5s6Ng%2B7amizoONuHllxjshmG5aTzP3yO8adU%3D&reserved=0> _______________________________________________ sacm mailing list sacm@ietf.org<mailto:sacm@ietf.org> https://www.ietf.org/mailman/listinfo/sacm<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsacm&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C85a323f673924389c45e08d76e7745e5%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637099330879468039&sdata=JviOvpKGQLNyMiV2fEFSE1qZA3XosOoECBCQuiTK4Lo%3D&reserved=0> -- Best regards, Kathleen
- [sacm] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Ira McDonald
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Waltermire, David A. (Fed)
- Re: [sacm] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] CoSWID and EAT and CWT Hannes Tschofenig
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Adrian Shaw
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Rats] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Rats] CoSWID and EAT and CWT Thomas Fossati
- Re: [sacm] [Rats] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Brendan Moran
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Rats] [Suit] CoSWID and EAT and CWT Kathleen Moriarty
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Rats] [Suit] CoSWID and EAT and CWT Laurence Lundblade
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Henk Birkholz
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Michael Richardson
- Re: [sacm] [Suit] [Rats] CoSWID and EAT and CWT Smith, Ned