From 701013c19a80b30d9f58338736015ed8d12e8d56 Mon Sep 17 00:00:00 2001 From: Thomas Fossati Date: Mon, 30 Sep 2024 15:17:59 +0200 Subject: [PATCH] feat: allow plugging CMW into EAT submods Signed-off-by: Thomas Fossati --- draft-ietf-rats-msg-wrap.md | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/draft-ietf-rats-msg-wrap.md b/draft-ietf-rats-msg-wrap.md index 99d8288..55de15b 100644 --- a/draft-ietf-rats-msg-wrap.md +++ b/draft-ietf-rats-msg-wrap.md @@ -301,10 +301,10 @@ For further security considerations about collections, see {{seccons-coll}}. ### Relation to EAT `submods` EAT submods ({{Section 4.2.18 of -rats-eat}}) provide a facility for aggregating attestation that has built-in security and will be suitable for some of the same attestation Evidence use cases covered by CMW collections. -However, compared to CMW collections, EAT submods are limited in two ways: -1. EAT {{-rats-eat}} allows carrying non-EAT-formatted types by augmenting the $EAT-CBOR-Tagged-Token socket or the $JSON-Selector socket. However, these need to be specified in subsequent standard documents updating the EAT specification, -2. Their top-down structure does not align well with the bottom-up approach layered attesters use to build the chain of trust, making them not ideal for modelling layered attestation. +However, compared to CMW collections, EAT submods are not ideal for modelling layered attestation because their top-down structure does not align well with the bottom-up approach layered attesters use to build the chain of trust. + +This specification (see {{submods}}) extends EAT to allow carrying CMW in EAT `submods`. ### CMW Collections' role in composite Attester topology 
@@ -462,6 +462,25 @@ Section 6.1.8 of {{DICE-arch}} defines the ConceptualMessageWrapper format and t The CMW format defined in {{DICE-arch}} allows only a subset of the CMW grammar defined in this document. Specifically, the tunnel and collection formats cannot be encoded using DICE CMWs. +# Transporting CMW in EAT `submods` {#submods} + +{{Section 4.2.18 of -rats-eat}} allows carrying non-EAT-formatted types in EAT submods by augmenting the `$EAT-CBOR-Tagged-Token` socket or the `$JSON-Selector` socket. + +The following CDDL adds `cbor-CMW` and `json-CMW` to EAT using such extension points: + +~~~ cddl +$EAT-CBOR-Tagged-Token /= #6.CPA765(cbor-CMW) + +$JSON-Selector /= [ type: "CMW", nested-token: json-CMW ] +~~~ + +Where: + +* `cbor-CMW` and `json-CMW` are defined in {{collected-cddl}}, and +* `CPA765` is the CBOR tag for CMW ({{iana-cbor-tag}}). + +[^rfced] This document uses the CPA (code point allocation) convention described in {{?I-D.bormann-cbor-draft-numbers}}. For each usage of the term "CPA", please remove the prefix "CPA" from the indicated value and replace the residue with the value assigned by IANA; perform an analogous substitution for all other occurrences of the prefix "CPA" in the document. Finally, please remove this note. + # Examples The (equivalent) examples in {{ex-ja}}, {{ex-ca}}, and {{ex-ct}} assume that 
@@ -663,13 +682,13 @@ IANA is requested to add a new `cmw` claim to the "JSON Web Token Claims" sub-re * Change Controller: IETF * Specification Document(s): {{type-n-val}} and {{cmw-coll}} of {{&SELF}} -## CBOR Tag Registration +## CBOR Tag Registration {#iana-cbor-tag} IANA is requested to add the following tag to the "CBOR Tags" {{!IANA.cbor-tags}} registry. | CBOR Tag | Data Item | Semantics | Reference | |----------|-----------|-----------|-----------| -| TBD | CBOR map, CBOR array, CBOR tag | RATS Conceptual Message Wrapper | {{type-n-val}}, {{cbor-tag}} and {{cmw-coll}} of {{&SELF}} | +| CPA765 | CBOR map, CBOR array, CBOR tag | RATS Conceptual Message Wrapper | {{type-n-val}}, {{cbor-tag}} and {{cmw-coll}} of {{&SELF}} | ## RATS Conceptual Message Wrapper (CMW) Indicators Registry {#iana-ind-ext} @@ -891,7 +910,7 @@ When using CMW collection, the preconditions apply for each entry in the collect The list of currently open issues for this documents can be found at [](https://github.com/thomas-fossati/draft-ftbs-rats-msg-wrap/issues). -Note to RFC Editor: please remove before publication. +[^rfced] please remove before publication. # Acknowledgments {:numbered="false"}
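Review bot: In the first hunk (@@ -301), the removed list item 1 stated that carrying non-EAT types in submods "need[s] to be specified in subsequent standard documents updating the EAT specification", and the new sentence points at {{submods}} as exactly that extension; the prose should then say explicitly that this document augments the `$EAT-CBOR-Tagged-Token` and `$JSON-Selector` sockets of {{-rats-eat}} (and the authors should decide whether that warrants an "Updates" relationship), rather than leaving the reader to infer it from the cross-reference. The retained sentence "will be suitable for some of the same attestation Evidence use cases covered by CMW collections" also reads oddly now that CMW can be nested inside submods; consider rewording it to "overlaps with" or similar.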
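Review bot: In the second hunk (@@ -462), the CBOR branch `$EAT-CBOR-Tagged-Token /= #6.CPA765(cbor-CMW)` wraps `cbor-CMW` in the CMW tag, so the text under "Where:" should confirm that `cbor-CMW` as defined in {{collected-cddl}} is the untagged form (otherwise the item is double-tagged), and state whether an untagged CMW is ever acceptable in a submod given that the JSON branch `[ type: "CMW", nested-token: json-CMW ]` has no equivalent tag and relies solely on the "CMW" type string. The new section also adds a transport path without touching the Security Considerations or the "# Examples" section that immediately follows it: a one-sentence note that a CMW carried in a submod is protected by the enclosing EAT's signature (with the same per-entry preconditions as for collections), plus one nested-CMW example, would make the extension verifiable by implementers.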
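Review bot: In the third hunk (@@ -663), the table row's "Reference" column is left as "{{type-n-val}}, {{cbor-tag}} and {{cmw-coll}} of {{&SELF}}" while the tag is now also used by the new {{submods}} section; consider adding {{submods}} to the reference list so the registry entry points at every normative use of `CPA765`. The anchor rename `## CBOR Tag Registration {#iana-cbor-tag}` matches the `{{iana-cbor-tag}}` cross-reference added in the second hunk, which is good.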
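Review bot: In the fourth hunk (@@ -891), the replacement line `[^rfced] please remove before publication.` introduces a second reference to the `[^rfced]` footnote, but this diff adds no `[^rfced]:` definition; unless one already exists elsewhere in the file, both references will render as literal text or fail the build, so please confirm the definition is present. Also capitalise "Please" here for consistency with the other `[^rfced]` note added in the second hunk, which begins "This document uses ...".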