Re: [Teep] Comment on JSON support in TEEP OTrPv2 draft

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 23 July 2019 21:40 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Dave Thaler <dthaler@microsoft.com>
CC: "teep@ietf.org" <teep@ietf.org>
Thread-Topic: Comment on JSON support in TEEP OTrPv2 draft
Thread-Index: AdVBm/7p/+2+SshzR/qOX0J9Xs7iTQAApk2Q
Date: Tue, 23 Jul 2019 21:40:32 +0000
Message-ID: <VI1PR08MB536053A7A1DFB51A1D4F25A9FAC70@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <MWHPR21MB0784A8A93EFABF7224F086D5A3C70@MWHPR21MB0784.namprd21.prod.outlook.com>
In-Reply-To: <MWHPR21MB0784A8A93EFABF7224F086D5A3C70@MWHPR21MB0784.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/f-rGLQN0wSwDY5mUag22eD3AeWM>
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

Thanks, Dave. I will look at the ways to best encode bstr.

The biggest problem I had was with referencing CDDL items that refer to the JOSE counterparts to this structure:

   Msg_AuthEnc_Wrapper = [ * (COSE_Mac_Tagged /
                              COSE_Sign_Tagged /
                              COSE_Mac0_Tagged /
                              COSE_Sign1_Tagged)]

Do you have an idea on how to solve that problem? I am not entirely sure there is even a CDDL description of JOSE.

Ciao
Hannes

From: Dave Thaler <dthaler@microsoft.com>
Sent: Tuesday, 23 July 2019 17:30
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: teep@ietf.org
Subject: Comment on JSON support in TEEP OTrPv2 draft

The OTrPv2 draft says it supports JSON and CBOR (which is great to see),
although in the meeting you correctly noted the JSON support isn't completely
specified.  The CDDL RFC (RFC 8610) does apply to JSON, as Appendix A explains,
as long as you only use the specific subset of CDDL specified there.

The current OTrPv2 draft does not, however, stick to that subset of CDDL.
For example, it uses "bstr" which Appendix A explains is not in that subset.
I think OTrPv2 can still be mapped to JSON, as long as you explain how
to map such types in the OTrPv2 JSON format. (I am assuming we do NOT need
the ability for an intermediary to translate between CBOR and JSON, in which case
you'd need more than what I'm suggesting here.)


RFC 7493 was pointed out in the INTAREA WG, which specifies "a restricted profile of JSON
designed to maximize interoperability and increase confidence that
software can process it successfully with predictable results". That is, it specifies
a profile of JSON, sort of like how RFC 8610 specifies a profile of CDDL. Section 4 of
RFC 7493 in particular gives recommendations for how to map specific data types,
including binary data.

So I would suggest that the OTrPv2 doc talk about how to encode "bstr" (and any other
CDDL types missing from the profile in RFC 8610 Appendix A) into types within the CDDL
JSON profile, and reference relevant sections of RFC 7493, at least informatively if not normatively,
for how/why. E.g., RFC 7493 section 4.4 can be used as the rule to encode bstr into
a string.

Dave
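The bstr mapping Dave proposes, worked through end to end, as an added example that is not part of this thread and not code from the OTrPv2 draft or the TEEP WG. It encodes one message both ways: as CBOR, where a bstr is simply major type 2, and as I-JSON, where the same member becomes a base64url string without padding per RFC 7493 section 4.4 (RFC 4648 section 5). The message layout (the field names and the BSTR_KEYS set naming which members the CDDL declares as bstr) is a constructed, hypothetical stand-in for an OTrP message; nothing about it is taken from the draft. The point the code makes is the one in the mail: on the JSON side the receiver cannot tell a bstr from a tstr without the schema, so the draft has to say which members are binary, and the decoder should be strict (no padding, no "+/" alphabet, no non-canonical trailing bits), otherwise two different JSON strings decode to the same bytes, which matters as soon as those bytes are hashed or signed.

```python
"""Mapping a CDDL 'bstr' between CBOR and I-JSON (RFC 7493).

Added example, not code from the OTrPv2 draft or the TEEP WG. The message
layout and the BSTR_KEYS schema are constructed stand-ins; only the
bstr <-> base64url-without-padding rule comes from RFC 7493 section 4.4.
"""
import base64
import binascii
import json
import re

# Hypothetical schema: the map keys an (imaginary) CDDL declares as bstr.
# In CBOR this is implicit in the major type; in JSON the receiver needs it.
BSTR_KEYS = {"nonce", "ta-hash"}

# Constructed sample message, not taken from the draft.
SAMPLE = {
    "type": 3,
    "nonce": bytes.fromhex("00ff10"),
    "ta-hash": bytes(range(32)),
    "tee": "example-tee",
    "ta-list": ["com.example.ta1", "com.example.ta2"],
}


def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s): 3-bit major type plus a minimal-length argument."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([(major << 5) | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")


def cbor_encode(obj) -> bytes:
    """Minimal CBOR encoder for the JSON-profile types of RFC 8610 App. A plus bstr."""
    if obj is None:
        return b"\xf6"
    if isinstance(obj, bool):          # must precede int: bool is an int subclass
        return b"\xf5" if obj else b"\xf4"
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):         # major type 2: this is what 'bstr' means
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):           # major type 3: 'tstr'
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor_encode(x) for x in obj)
    if isinstance(obj, dict):
        if not all(isinstance(k, str) for k in obj):
            raise TypeError("JSON-compatible maps need text keys (RFC 8610 App. A)")
        return _head(5, len(obj)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(f"unsupported type {type(obj).__name__}")


def b64url_nopad(raw: bytes) -> str:
    """RFC 7493 s4.4 rule: base64url (RFC 4648 s5) with the '=' padding removed."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def b64url_decode_strict(text: str) -> bytes:
    """Inverse of b64url_nopad; rejects padding, the '+/' alphabet, impossible
    lengths and non-canonical trailing bits, so exactly one JSON string maps
    to a given bstr (important once the bytes are signed or hashed)."""
    if not _B64URL.fullmatch(text):
        raise ValueError("character outside the base64url alphabet (or padding)")
    if len(text) % 4 == 1:
        raise ValueError("impossible base64url length")
    padded = text + "=" * (-len(text) % 4)
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64url: {exc}") from exc
    if b64url_nopad(raw) != text:
        raise ValueError("non-canonical base64url (unused trailing bits set)")
    return raw


def to_json(msg: dict) -> str:
    """Serialize as I-JSON: every bstr-typed member becomes a base64url string."""
    def conv(key, value):
        if isinstance(value, bytes):
            if key not in BSTR_KEYS:
                raise TypeError(f"{key!r}: bytes under a key the schema does not declare bstr")
            return b64url_nopad(value)
        if isinstance(value, dict):
            return {k: conv(k, v) for k, v in value.items()}
        if isinstance(value, list):
            return [conv(key, v) for v in value]
        return value
    return json.dumps(conv(None, msg), ensure_ascii=False, separators=(",", ":"))


def from_json(text: str) -> dict:
    """Parse I-JSON back into the CBOR data model; the schema decides which
    strings are really bstr (a plain tstr member stays a str)."""
    def conv(key, value):
        if isinstance(value, str) and key in BSTR_KEYS:
            return b64url_decode_strict(value)
        if isinstance(value, dict):
            return {k: conv(k, v) for k, v in value.items()}
        if isinstance(value, list):
            return [conv(key, v) for v in value]
        return value
    return conv(None, json.loads(text))


if __name__ == "__main__":
    print("CBOR:", cbor_encode(SAMPLE).hex())
    js = to_json(SAMPLE)
    print("JSON:", js)
    # Same abstract message on both sides: the JSON round trip re-encodes to the same CBOR.
    assert cbor_encode(from_json(js)) == cbor_encode(SAMPLE)
    for bad in ("AP8Q=", "AP9", "A", "AP+Q"):
        try:
            b64url_decode_strict(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

Running the script shows the 3-byte nonce 00ff10 as 0x43 00 ff 10 in CBOR and as "AP8Q" in JSON, and the four rejected strings illustrate what a lenient decoder would silently accept: padded input, a value with stray trailing bits ("AP9" decodes to the same bytes as "AP8"), a length no byte string can produce, and the non-URL-safe alphabet. If an intermediary translating between CBOR and JSON were required, as Dave notes, this schema-driven mapping alone would not be enough, since the intermediary would have to carry the type information too.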