Re: [Suit] [sacm] [Rats] CoSWID and EAT and CWT

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Fri, 22 November 2019 17:06 UTC

To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
CC: "rats@ietf.org" <rats@ietf.org>, Ira McDonald <blueroofmusic@gmail.com>, sacm <sacm@ietf.org>, Laurence Lundblade <lgl@island-resort.com>, "suit@ietf.org" <suit@ietf.org>
References: <BN7PR09MB2819D797B89183218BEFA823F04E0@BN7PR09MB2819.namprd09.prod.outlook.com> <922EA164-FB96-4245-A46C-6520809E6311@gmail.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <01f09bc9-bd79-89da-243d-cd766f297a5b@sit.fraunhofer.de>
Date: Fri, 22 Nov 2019 18:06:40 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/b6qSk5wZnXtyo34UEjIN6gIncRg>
Subject: Re: [Suit] [sacm] [Rats] CoSWID and EAT and CWT

Hi Kathleen,
hi SACM, SUIT & RATS list,

the corresponding *SWID authors discussed this issue and are proposing:

> https://github.com/ietf-rats-wg/eat/issues/46

This includes an extended scope to include the option of SUIT Manifest
related Claim values, next to various *SWID Claim values. We permuted
"signed" & "not-signed" as well as "payload tags" and "evidence tags"
for *SWID tags in this proposal. The authors are convinced that the
"not-signed" variants are of essence (as CWT does not allow "not-signed
CBOR items"), but also do not imply any implications to the SUIT Manifest
Claim definition (although there are strong similarities and there could
be some).

The current *SWID contributors prefer this contribution as a parallel 
effort to the EAT I-D, SUIT Manifest I-D, the CoSWID I-D and existing 
ISO XML SWID standard. This proposal includes the primitive to not delay
corresponding IETF I-Ds in their respective WGs.

Having said that, we would like to get feedback for the proposal
referenced above.

If there is no dissent or push-back on any of the SUIT, SACM, and RATS
lists, our proposed way forward is a unified creation of EAT Claim Sets 
in the RATS WG that enables the use of various *SWID variants & the SUIT 
Manifest as payloads for RATS via the RATS EAT I-D.

In summary, we would like to create this interop I-D in concert and 
welcome every joint effort in this domain.

Viele Grüße,

Henk

On 21.11.19 12:37, Kathleen Moriarty wrote:
> 
> 
> Sent from my mobile device
> 
>> On Nov 20, 2019, at 11:29 PM, Waltermire, David A. (Fed) 
>> <david.waltermire@nist.gov> wrote:
>>
>> 
>> It sounds like having a CWT claim that contains an entire CoSWID is a 
>> path forward. It may also make sense to do something similar for ISO 
>> SWID tags.
>>
>> Am I right in thinking that this CWT work can be done in RATS, 
>> referencing CoSWID once it is published as a normative reference? This 
>> would allow CoSWID to go forward to the IESG, while the CoSWID CWT 
>> claim is worked in parallel in RATS.
>>
>> Kathleen, if this is true, does this way forward address your 
>> CWT-related comments?
> 
> Hi Dave,
> 
> I think the signature may have to be on the CWT as opposed to on the 
> claim that is the CoSWID or SWID.  We can define it fully in another 
> draft, but should state it here so that option is understood.  It’s a 
> simple write up, I think.
> 
> Thank you,
> Kathleen
>>
>> Regards,
>> Dave
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* sacm <sacm-bounces@ietf.org> on behalf of Kathleen Moriarty 
>> <kathleen.moriarty.ietf@gmail.com>
>> *Sent:* Wednesday, November 20, 2019 9:10 PM
>> *To:* Ira McDonald <blueroofmusic@gmail.com>
>> *Cc:* rats@ietf.org <rats@ietf.org>; sacm <sacm@ietf.org>; Laurence
>> Lundblade <lgl@island-resort.com>
>> *Subject:* Re: [sacm] [Rats] CoSWID and EAT and CWT
>> Great, thanks Laurence.  If that's easier I think having the CoSWID in 
>> one claim should be ok and would have the same result as the 
>> suggestion I made.  Changing the CoSWID format is a big enough process 
>> that it shouldn't happen very often.
>>
>> Best regards,
>> Kathleen
>>
>> On Wed, Nov 20, 2019 at 8:00 PM Ira McDonald <blueroofmusic@gmail.com 
>> <mailto:blueroofmusic@gmail.com>> wrote:
>>
>>     Hi Laurence,
>>
>>     That seems like a good suggestion for a simple way to integrate
>>     CoSWID content
>>     into EAT.
>>
>>     Cheers,
>>     - Ira
>>
>>     Ira McDonald (Musician / Software Architect)
>>     Co-Chair - TCG Trusted Mobility Solutions WG
>>     Co-Chair - TCG Metadata Access Protocol SG
>>     Chair - Linux Foundation Open Printing WG
>>     Secretary - IEEE-ISTO Printer Working Group
>>     Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
>>     IETF Designated Expert - IPP & Printer MIB
>>     Blue Roof Music / High North Inc
>>     http://sites.google.com/site/blueroofmusic
>>     http://sites.google.com/site/highnorthinc
>>     mailto: blueroofmusic@gmail.com <mailto:blueroofmusic@gmail.com>
>>     PO Box 221  Grand Marais, MI 49839  906-494-2434
>>
>>
>>
>>     On Wed, Nov 20, 2019 at 7:35 PM Laurence Lundblade
>>     <lgl@island-resort.com <mailto:lgl@island-resort.com>> wrote:
>>
>>         Hi,
>>
>>         I’m not on the SACM list, but did look at the archive.
>>         Hopefully I’m not out of sync.
>>
>>         My thought is to register one claim for CWT that is an entire
>>         CoSWID (in CDDL the concise-swid-tag).
>>
>>         That way CoSWID can grow and develop on its own without lots
>>         of adds and subtracts to the CWT registry. It has its own IANA
>>         registry with its own experts and such. Seems like the
>>         coupling / factoring is about right.
>>
>>         This would also be the way I’d like to have it in EAT
>>         attestation. We’ve done a mini version of this with the
>>         location claim
>>         <https://tools.ietf.org/html/draft-ietf-rats-eat-01#section-3.8>.
>>
>>         Then if you just want to sign a CoSWID CWT style, this works
>>         pretty well too. It has a slight overhead compared to having
>>         all the CoSWID data items as direct CWT claims in that it will
>>         have an additional map layer, but that is only about three bytes.
>>
>>         LL
>>
>>         _______________________________________________
>>         RATS mailing list
>>         RATS@ietf.org <mailto:RATS@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/rats
>>
>>     _______________________________________________
>>     sacm mailing list
>>     sacm@ietf.org <mailto:sacm@ietf.org>
>>     https://www.ietf.org/mailman/listinfo/sacm
>>
>>
>>
>> -- 
>>
>> Best regards,
>> Kathleen
> 
>
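
Added example, not part of the original thread or of any draft: a minimal CBOR encoder that measures the "additional map layer" cost mentioned in the quoted proposal when a whole CoSWID is carried under a single CWT claim. The claim keys 20, 200 and 1000 are hypothetical placeholders (the thread names no registered key), and the CoSWID map is a trimmed, constructed sample.

```python
def head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument, in shortest form."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument does not fit in 64 bits")


def encode(item) -> bytes:
    """Encode ints, text strings and maps (enough for this comparison)."""
    if isinstance(item, bool):
        raise TypeError("booleans are not handled in this sketch")
    if isinstance(item, int):
        return head(0, item) if item >= 0 else head(1, -1 - item)
    if isinstance(item, str):
        raw = item.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(item, dict):
        body = b"".join(encode(k) + encode(v) for k, v in item.items())
        return head(5, len(item)) + body
    raise TypeError(f"unsupported type: {type(item).__name__}")


def wrapper_overhead(claims: dict, coswid: dict, claim_key: int) -> int:
    """Bytes added beyond the CoSWID items themselves when the whole
    CoSWID map is carried under one claim key in the CWT claims set."""
    items = sum(len(encode(k) + encode(v)) for k, v in coswid.items())
    nested = encode({**claims, claim_key: coswid})
    return len(nested) - len(encode(claims)) - items


# Constructed sample data.
CLAIMS = {1: "example-attester"}  # CWT "iss" claim (key 1)
# CoSWID integer labels: tag-id=0, tag-version=12, software-name=1.
COSWID = {0: "example-tag-id", 12: 0, 1: "Example App"}

if __name__ == "__main__":
    for key in (20, 200, 1000):  # hypothetical claim keys
        print(f"claim key {key}: +{wrapper_overhead(CLAIMS, COSWID, key)} bytes")
```

The overhead is the encoded claim key plus the one-byte inner map header, so it depends only on which key number is eventually registered.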