Session Date/Time: 12 Sep 2022 15:00
RATS
Summary
The RATS working group held an interim meeting to review potential blocking issues for the EAT (Evidence Attestation Token) draft, primarily based on feedback from Hillary Orman and the IoT Directorate. The discussion focused on specific technical concerns, their proposed resolutions in upcoming EAT drafts (v14/v15), and whether they remained blockers. The meeting also included a brief update on the status of working group milestones and drafts, with a particular focus on upcoming calls for adoption.
Key Discussion Points
- Note Takers: Russ Housley volunteered to take notes.
- Agenda Review: The agenda included a review of potential EAT blocking issues from the mail archive, a milestone update, and open mic time. A presentation by Lawrence Conroy on EAT status updates was noted but prioritized after the blocker review due to time constraints.
- EAT Blocker Review (from Hillary Orman's Feedback on Draft 13):
  - UEID Uniqueness Guarantee:
    - Concern: The document implies relying parties need a UEID uniqueness guarantee, but the calculation of collision probability relies on uniform randomness, which may not be practically guaranteed by device manufacturers.
    - Discussion: Lawrence Conroy stated that UEID is something that must be accepted unless entirely registry-based IDs are used. The sense of those present was that this is a common approach and not controversial.
    - Outcome: Not considered a blocker by the group.
  - Self-Asserted Claims:
    - Concern: Questions were raised regarding the trust basis for self-asserted claims, the role of the signer, and the discovery/maintenance of trust relationships (e.g., "why should a third party assume that the signer is trustworthy?").
    - Discussion: Lawrence stated that draft 15 addresses this by making strong reference to the RATS Architecture document, clarifying that EAT does not define the trust model. He believed Hillary Orman's questions stemmed from unfamiliarity with the RATS architecture. Nancy requested that the diffs between draft 13 and 15 be posted to aid review.
    - Action: Review the diffs between EAT draft 13 and 15 (once v15 is posted) to confirm how the new wording aligns with the RATS architecture and addresses this concern.
  - Security Level Claim:
    - Concern: The "security-level" claim (with values like "low, medium, high") was deemed vague and unclear.
    - Discussion: Lawrence confirmed that this claim is being removed in draft 15.
    - Outcome: Resolved by removal.
  - Format vs. Protocol:
    - Concern: The document referred to EAT as a "network protocol" for proving trustworthiness, but it appears to be a message format.
    - Discussion: Lawrence stated that draft 14 already made changes to refer to EAT as a "message format" in one instance, with further improvements planned for draft 15. He clarified that the text in question was in an appendix, not normative, and aimed to compare EAT to other attestation schemes. Dave Thaler confirmed that not all instances of "network protocol" were fixed in draft 14.
    - Action: Chairs/Authors to post EAT draft 15 to the data tracker soon. Review draft 15 to ensure all instances of "protocol" referring to EAT are corrected to "message format."
- EAT Blocker Review (from IoT Directorate Feedback):
  - Profiles (Section 7):
    - Concern: Profiles were seen as potentially leading to non-interoperability and being "counter-cultural to the IETF" by opening the door to too much variability.
    - Discussion:
      - Dave Thaler argued that the IETF has precedents for frameworks with profiles (e.g., PRE-C, DHCP options, TAPS) for heterogeneous use cases. He emphasized that interoperability is at the profile level, not the base EAT format, and that existing profiles (e.g., for TEEP) have been concise and effectively leveraged EAT's building blocks.
      - Lawrence Conroy explained that the variability in EAT is inherited from CWT/COSE/CBOR. He clarified that EAT's profiles mechanism is an explicit solution to manage this inherent variability, making EAT a "framework" or "cookbook" for attestation token formats rather than defining a single specific one.
      - Michael Richardson expressed concern that if EAT has the same variability as CWT, the EAT document itself does little beyond referring to CWT. He preferred EAT to define common claims more clearly to reduce the need for lengthy profiles, citing past problems with multi-layered profiling (e.g., X.509/PKIX).
      - Gary Marrs added that CWT, approved for constrained environments, allows all claims to be optional and infinitely extensible, which is not practical for many IoT receivers. He suggested that EAT is trying to address an issue with its underlying specs, which Elliot did not acknowledge.
      - Lawrence agreed that CWT has similar interoperability issues but is less explicit about them, while EAT is "honest" and provides a solution with profiles.
    - Action: Consider adding text to the EAT profiles section to clearly explain the rationale for using profiles, addressing the inherent variability from underlying standards (CWT/COSE/CBOR), and clarifying EAT's role as a framework/cookbook for defining profiles.
  - Nonce Claim Entropy (Section 4.1):
    - Concern: The document requires nonces to have 64 bits of entropy but also limits max nonce size to limit memory. How does the generator know the consumer's memory?
    - Discussion: Lawrence stated that the document includes calculations for maximum size and addresses the generator/consumer concern, and he had already provided this response to Elliot.
    - Outcome: The issue is considered addressed in the document.
  - UUIDs Variable Length (Section 4.2.1/4.2.2):
    - Concern: Question regarding the 33-byte max length assertion and confusion about an example use case (reselling components, which UEID/SUEID to expose).
    - Discussion: Lawrence noted that Elliot's math was incorrect, and he had made wording improvements around SUEID in draft 14/15 to address the example's clarity.
    - Outcome: Wording improvements are in progress for clarity.
- Milestones Update (Nancy Cam-Winget):
  - Architecture: Under IESG evaluation/comment review.
  - CHARA & Profile Remote Integrity Verification: In RFC Editor's Queue.
  - EAT: Further issues to review, expectation for version 15.
  - Attestation Results for Secure Interactions: Version 3, open issues remain, authors to provide updates.
  - Media Types & Co-RIMs: Recently adopted, feedback reflected in GitHub.
  - Direct Anonymous Attestation (DAA): Version 1, needs more reviews to assess maturity for an early working group last call (EWGLC). Chairs will reach out to authors.
  - Network Device Subscription: Awaiting YANG review results; participants encouraged to provide feedback.
  - Unprotected CoT: Co-authors still working on it, aiming for maturity soon.
  - Interaction Models: Version 6, no open issues observed, chairs to check with authors for EWGLC.
  - Trust Anchor Stores (TAS) & E-Collection Types:
    - Call for interest for TAS received enough interest.
    - Discussion on whether TAS should be elevated to another WG or adopted by RATS; only one positive feedback for RATS adoption.
    - Call for interest on E-Collection Types to be continued on the mailing list.
  - Milestone Timelines: Proposed to push Co-RIM WG Last Call to March (from November) and IESG publication to September (from March). Proposed EWGLC in November for current drafts (authors to flag if not ready).
  - Call for Adoption for Trust Anchor Stores: A call for adoption will be initiated on the mailing list. Dave Thaler raised a process point, suggesting that adopting the Trust Anchor Stores draft might require a charter update, as its scope could be outside the current RATS charter, similar to a previous Co-RIM discussion. Nancy will verify the charter scope with the AD.
Decisions and Action Items
- Decision: The UEID uniqueness guarantee is not considered a blocker by the working group.
- Decision: The "security-level" claim issue in EAT is resolved by its removal in draft 15.
- Action: (Chairs/Authors) Publish EAT draft 15 to the data tracker as soon as possible.
- Action: (Working Group) Review the diffs between EAT draft 13 and 15 (once v15 is published), paying particular attention to the language regarding self-asserted claims and the use of "format" vs. "protocol".
- Action: (EAT Authors) Consider adding clarifying text to the profiles section of the EAT document to explain the rationale for the profile mechanism, its relationship to variability inherited from underlying standards (CWT/COSE/CBOR), and EAT's role as a framework.
- Action: (Chairs) Reach out to the authors of the Direct Anonymous Attestation (DAA) draft to get an update on its status and encourage further reviews for an early working group last call.
- Action: (Chairs) Reach out to the authors of the Interaction Models draft to assess its readiness for an early working group last call.
- Action: (Chairs) Initiate a call for adoption for the "Concise Trust Anchor Stores" draft on the mailing list.
- Action: (Working Group) Provide feedback on the "E-Collection Types" draft and express interest on the mailing list.
- Action: (Chairs) Verify with the AD whether adopting the "Concise Trust Anchor Stores" draft falls within the current RATS charter scope or if a charter update would be required.
Next Steps
- Continued discussion and review of EAT draft 15 once published.
- Mailing list discussions for the call for adoption of "Concise Trust Anchor Stores" and interest in "E-Collection Types".
- Chairs to follow up on the status of other drafts and the potential need for charter updates.
- Working group members are encouraged to review drafts awaiting YANG review or EWGLC consideration.