remove "relation with EAT submods" section #124

Merged
merged 2 commits into from
Nov 2, 2024
12 changes: 3 additions & 9 deletions draft-ietf-rats-msg-wrap.md
Expand Up @@ -95,6 +95,7 @@ Additionally, the document describes a collection type that enables the aggregat
This document also defines corresponding CBOR tag, JSON Web Tokens (JWT) and CBOR Web Tokens (CWT) claims, as well as an X.509 extension.
These allow embedding the wrapped conceptual messages into CBOR-based protocols, web APIs, and PKIX protocols.
In addition, a Media Type and a CoAP Content-Format are defined for transporting CMWs in HTTP, MIME, CoAP and other Internet protocols.
Finally, this specification extends EAT to allow carrying CMWs in EAT submods.

--- middle

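Review bot: The sentence added to the abstract ("Finally, this specification extends EAT to allow carrying CMWs in EAT submods.") says the document "extends EAT", which a reader can take as a formal update of the EAT specification. The submods section further down in this file describes the mechanism as augmenting the `$EAT-CBOR-Tagged-Token` and `$JSON-Selector` sockets that EAT already provides, so wording along the lines of "uses the EAT extension points to allow carrying CMWs in EAT submods" would be more precise.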
Expand Down Expand Up @@ -146,6 +147,7 @@ objects.
This document also defines corresponding CBOR tag, JSON Web Tokens (JWT) and CBOR Web Tokens (CWT) claims, as well as an X.509 extension.
These allow embedding the wrapped conceptual messages into CBOR-based protocols, web APIs, and PKIX protocols.
In addition, a Media Type and a CoAP Content-Format are defined for transporting CMWs in HTTP, MIME, CoAP and other Internet protocols.
Finally, this specification extends EAT to allow carrying CMWs in EAT submods.

# Conventions and Definitions

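Review bot: The sentence added at the end of this introduction paragraph is a verbatim copy of the one added to the abstract and gives no pointer to where the mechanism is specified. Unlike the abstract, the introduction can carry a cross-reference, so consider ending it with a reference to the section anchored as `{#submods}`, for example "... in EAT submods ({{submods}})."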
Expand Down Expand Up @@ -301,14 +303,6 @@ In particular, all the members in a CMW must be bound together so that an attack
The authenticity and integrity protection MUST be attestation-oriented.
For further security considerations about collections, see {{seccons-coll}}.

### Relation to EAT `submods`

EAT submods ({{Section 4.2.18 of -rats-eat}}) provide a facility for aggregating attestation that has built-in security and will be suitable for some of the same attestation Evidence use cases covered by CMW collections.
However, compared to CMW collections, EAT submods are limited in two ways:

1. EAT {{-rats-eat}} allows carrying non-EAT-formatted types by augmenting the $EAT-CBOR-Tagged-Token socket or the $JSON-Selector socket. However, these need to be specified in subsequent standard documents updating the EAT specification,
2. Their top-down structure does not align well with the bottom-up approach layered attesters use to build the chain of trust, making them not ideal for modelling layered attestation.

### CMW Collections' role in composite Attester topology

A CMW Collection's tree structure is not required to be a spanning tree of the system's composite Attester topology.
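Review bot: Deleting the whole "Relation to EAT `submods`" subsection also drops the statement that EAT submods have built-in security and suit some of the same Evidence use cases as CMW collections. That statement sat directly after the context lines requiring collection members to be bound together with attestation-oriented authenticity and integrity protection. If only the two listed limitations were the reason for the removal, consider keeping that one sentence, here or in the `{#submods}` section, so implementers still see submods named as an aggregation option. The commit message should also record why the comparison was removed.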
Expand Down Expand Up @@ -466,7 +460,7 @@ Section 6.1.8 of {{DICE-arch}} specifies the ConceptualMessageWrapper (CMW) form
The CMW format outlined in {{DICE-arch}} permits only a subset of the CMW grammar defined in this document.
In particular, the tunnel and collection formats cannot be encoded using DICE CMWs.

# Transporting CMW in EAT `submods` {#submods}
# Transporting CMW in EAT submods {#submods}

{{Section 4.2.18 of -rats-eat}} allows carrying non-EAT-formatted types in EAT submods by augmenting the `$EAT-CBOR-Tagged-Token` socket or the `$JSON-Selector` socket.

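Review bot: The replacement heading "Transporting CMW in EAT submods" uses the singular "CMW", while the sentences this PR adds to the abstract and introduction say "carrying CMWs in EAT submods"; align the two. Dropping the backticks from submods matches the body line that follows, and the `{#submods}` anchor is unchanged, so existing cross-references keep resolving.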