Re: [Teep] Comment on JSON support in TEEP OTrPv2 draft

Dave Thaler <dthaler@microsoft.com> Tue, 23 July 2019 22:09 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: teep@ietf.org
Date: Tue, 23 Jul 2019 22:09:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Uc86Q6Af9hmcuHSnoUt-ptaPIyQ>

Personally, I like what OTrPv1 did which was to just reference JWS/JWE and specify the payload that gets signed/encrypted.
So you could specify the payload in CDDL but just reference the JOSE & COSE RFCs for how to wrap them.
So you use CDDL to express JSON when wrapping in JOSE, and use CDDL to express CBOR when wrapping in COSE.

Maybe I'm missing some technical issue, but that's my short answer anyway.

Dave

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Tuesday, July 23, 2019 5:41 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: teep@ietf.org
Subject: RE: Comment on JSON support in TEEP OTrPv2 draft

Thanks, Dave. I will look at the ways to best encode bstr.

The biggest problem I had was with referencing CDDL items that refer to the JOSE counterparts to this structure:

   Msg_AuthEnc_Wrapper = [ * (COSE_Mac_Tagged /
                              COSE_Sign_Tagged /
                              COSE_Mac0_Tagged /
                              COSE_Sign1_Tagged)]

Do you have an idea on how to solve that problem? I am not entirely sure there is even a CDDL description of JOSE.

Ciao
Hannes

From: Dave Thaler <dthaler@microsoft.com>
Sent: Tuesday, 23 July 2019 17:30
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: teep@ietf.org
Subject: Comment on JSON support in TEEP OTrPv2 draft

The OTrPv2 draft says it supports JSON and CBOR (which is great to see),
although in the meeting you correctly noted the JSON support isn't completely
specified.  The CDDL RFC (RFC 8610) does apply to JSON, as Appendix A explains,
as long as you only use the specific subset of CDDL specified there.

The current OTrPv2 draft does not, however, currently stick to that subset of CDDL.
For example, it uses "bstr" which Appendix A explains is not in that subset.
I think OTrPv2 can still be mapped to JSON, as long as you explain how
to map such types in the OTrPv2 JSON format.   (I am assuming we do NOT need
the ability for an intermediary to translate between CBOR and JSON, in which case
you'd need more than what I'm suggesting here.)


RFC 7493 was pointed out in the INTAREA WG, which specifies "a restricted profile of JSON
designed to maximize interoperability and increase confidence that
software can process it successfully with predictable results".  That is, it specifies
a profile of JSON, sort of like how RFC 8610 specifies a profile of CDDL.  Section 4 of
RFC 7493 in particular gives recommendations for how to map specific data types,
including binary data.

So I would suggest that the OTrPv2 doc talk about how to encode "bstr" (and any other
CDDL types missing from the profile in RFC 8610 Appendix A) into types within the CDDL
JSON profile, and reference relevant sections of RFC 7493, at least informatively if not normatively,
for how/why.   E.g., RFC 7493 section 4.4 can be used as the rule to encode bstr into
a string.

Dave
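As an added illustration of the two points raised in this thread (this is not code from the thread, the OTrPv2 draft, or any TEEP implementation): the Python below takes a small payload described by a hypothetical CDDL snippet with bstr members, maps it into the I-JSON profile by encoding each bstr as base64url without padding as RFC 7493 section 4.4 recommends, decodes it back under the profile's other rules (unique member names, valid UTF-8 strings, integers within the precision I-JSON allows), and then, following the suggestion to reference JOSE for the envelope rather than describe it in CDDL, wraps the JSON text in an RFC 7515 compact-serialization JWS. `SCHEMA`, the member names, the sample values and the HS256 demo key are all constructed for the example; the draft's own payload definition and a proper signature algorithm and key would take their place in practice.

```python
# Added example, not from the TEEP thread or the OTrPv2 draft. SCHEMA, member
# names, sample values and the HS256 key are constructed for illustration.
import base64
import hashlib
import hmac
import json
import re

# Hypothetical CDDL for the payload (constructed, not the draft's):
#   Example_Payload = { "type": uint, "nonce": bstr, "ta-id": bstr, "note": tstr }
# JSON has no bstr, so a decoder needs the schema to know which strings carry
# base64url-encoded binary data; that is the mapping rule the draft would state.
SCHEMA = {"type": "uint", "nonce": "bstr", "ta-id": "bstr", "note": "tstr"}
MAX_SAFE_INT = 2**53 - 1  # I-JSON s2.2: stay within IEEE 754 double precision
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """RFC 7493 s4.4: binary data as base64url (RFC 4648 s5) without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strict inverse: reject padding, foreign characters, impossible lengths
    and non-canonical trailing bits (re-encoding must reproduce the input)."""
    if not _B64URL_RE.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    data = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if b64url_encode(data) != text:
        raise ValueError("non-canonical base64url")
    return data


def _check_uint(key: str, val) -> int:
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(val, bool) or not isinstance(val, int) or not 0 <= val <= MAX_SAFE_INT:
        raise ValueError(f"{key}: uint outside the I-JSON safe range")
    return val


def to_ijson(payload: dict) -> str:
    """Encode a typed payload (bytes for bstr, int for uint, str for tstr) as I-JSON text."""
    if set(payload) != set(SCHEMA):
        raise ValueError("member set does not match SCHEMA")
    out = {}
    for key, typ in SCHEMA.items():
        val = payload[key]
        if typ == "bstr":
            if not isinstance(val, bytes):
                raise TypeError(f"{key}: bstr needs bytes")
            out[key] = b64url_encode(val)
        elif typ == "uint":
            out[key] = _check_uint(key, val)
        else:  # tstr
            if not isinstance(val, str):
                raise TypeError(f"{key}: tstr needs str")
            val.encode("utf-8")  # I-JSON s2.1: raises on lone surrogates
            out[key] = val
    return json.dumps(out, separators=(",", ":"), ensure_ascii=False, sort_keys=True)


def _unique_members(pairs):
    """I-JSON s2.3: member names within an object must be unique."""
    obj = {}
    for key, val in pairs:
        if key in obj:
            raise ValueError(f"duplicate member {key!r}")
        obj[key] = val
    return obj


def from_ijson(text: str) -> dict:
    """Decode I-JSON text back into the typed payload, validating against SCHEMA."""
    raw = json.loads(text, object_pairs_hook=_unique_members)
    if not isinstance(raw, dict) or set(raw) != set(SCHEMA):
        raise ValueError("member set does not match SCHEMA")
    out = {}
    for key, typ in SCHEMA.items():
        val = raw[key]
        if typ == "uint":
            out[key] = _check_uint(key, val)
        elif not isinstance(val, str):
            raise TypeError(f"{key}: {typ} must be a JSON string")
        else:
            out[key] = b64url_decode(val) if typ == "bstr" else val
    return out


def jws_sign(payload_json: str, key: bytes) -> str:
    """RFC 7515 compact serialization with HS256: the envelope is JWS's job,
    only the payload is described by the hypothetical CDDL above."""
    header = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode("ascii"))
    body = b64url_encode(payload_json.encode("utf-8"))
    tag = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(tag)}"


def jws_verify(token: str, key: bytes) -> dict:
    """Check the tag against a fixed expected alg, then decode the payload."""
    header, body, tag = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier fixes the algorithm, not the token
    expected = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(tag)):
        raise ValueError("signature check failed")
    return from_ijson(b64url_decode(body).decode("utf-8"))


# Constructed sample values
DEMO_KEY = b"constructed-demo-key-not-for-production"
DEMO_PAYLOAD = {"type": 1, "nonce": bytes(range(8)), "ta-id": b"\xff\x00tA", "note": "h\u00e9llo"}

if __name__ == "__main__":
    text = to_ijson(DEMO_PAYLOAD)
    token = jws_sign(text, DEMO_KEY)
    print(text)
    print(token)
    assert jws_verify(token, DEMO_KEY) == DEMO_PAYLOAD
```

The schema-driven decoder is the point: a JSON consumer cannot tell a base64url string from any other string, so the mapping of bstr has to be stated per member in the format definition, which is exactly the gap the original message asks the draft to close. The strict `b64url_decode` rejects padding and non-canonical encodings so that two different JSON texts cannot decode to the same octets, which matters once the text is what gets signed.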