Second attempt at early allocation of CWT Labels #152
Merged
9 commits
3b681e0
First parts of new CWT Key assignments
2de6c55
more label fixes
eb34946
mostly finished early allocation of claims in the document
3a7253c
Change all the CDDL and examples to new tag numbers
0a686e6
resolve minor conflict with master
905a8af
Make it clear that claim numbers for early allocation are just reque…
001af7b
Remove security-level from early allocation
c8b39f5
Merge branch 'master' into early2
de7f723
remove the TBDnnn from claims that are not for early assignment
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,15 @@ | ||
; These are not yet assigned in any way and may change. | ||
; These are intentionally above 24 so as to not use up | ||
; single-byte labels. | ||
; These are not yet assigned numbers | ||
|
||
security-level-label = <TBD> | ||
uptime-label = <TBD> | ||
boot-seed-label = <TB> | ||
intended-use-label = <TBD> | ||
dloas-label = <TBD> | ||
sw-name-label = <TBD> | ||
sw-version-label = <TBD> | ||
manifests-label = <TBD> | ||
swevidence-label = <TBD> | ||
swresults-label = <TBD> | ||
|
||
|
||
|
||
sueids-label = <TBD25> | ||
hw-version-label = <TBD26> | ||
sw-name-label = <TBD29> | ||
sw-version-label = <TBD30> | ||
uptime-label = <TBD31> | ||
boot-seed-label = <TBD32> | ||
intended-use-label = <TBD33> | ||
dloas-label = <TBD34> | ||
manifests-label = <TBD35> | ||
swevidence-label = <TBD36> | ||
swresults-label = <TBD37> | ||
hardware-model-label = <TBD39> |
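Review bot: the placeholder sequence in the new label list skips `<TBD27>`, `<TBD28>` and `<TBD38>`, and the header comment does not say whether those are held for claims defined elsewhere or were dropped. A one-line comment above `sueids-label = <TBD25>` stating what the numeric suffix stands for and why the gaps exist would help, since the examples in this PR use key 259 for HW Model while this list has `hardware-model-label = <TBD39>`, so a reader cannot tell how the suffixes relate to the requested values.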
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,10 @@ | ||
{ | ||
/ issuer / 1: "joe", | ||
/ nonce / 10: h'948f8860d13a463e8e', | ||
/ UEID / 11: h'0198f50a4ff6c05861c8860d13a638ea', | ||
/ OEM ID / 13: h'88124e', | ||
/ HW Class / 39: h'881cf5f243fbef3336bbd22547dddefc', | ||
/ secure-boot / 15: true, | ||
/ debug-disable / 16: 3, / permanent-disable / | ||
/ UEID / 256: h'0198f50a4ff6c05861c8860d13a638ea', | ||
/ OEM ID / 258: h'88124e', | ||
/ HW Model / 259: h'881cf5f243fbef3336bbd22547dddefc', | ||
/ secure-boot / 262: true, | ||
/ debug-status / 263: 3, / permanent-disable / | ||
/ timestamp (iat) / 6: 1526542894 | ||
} |
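Review bot: the relabelled keys (256, 258, 259, 262, 263) carry no marker that they are requested rather than assigned values, although commit 905a8af says the early-allocation numbers are only requests. Add a leading diagnostic comment to the example stating that these keys are provisional, so that a reader copying the example into a parser or test vector does not treat them as final.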
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,24 @@ | ||
{ | ||
/ nonce / 10: h'948f8860d13a463e8e', | ||
/ UEID / 11: h'0198f50a4ff6c05861c8860d13a638ea', | ||
/ secure-boot / 15: true, | ||
/ debug-disable / 16: 3, / permanent-disable / | ||
/ UEID / 256: h'0198f50a4ff6c05861c8860d13a638ea', | ||
/ secure-boot / 262: true, | ||
/ debug-status / 263: 3, / permanent-disable / | ||
/ timestamp (iat) / 6: 1526542894, | ||
/ security-level / 14: 3, / secure restricted OS / | ||
/ submods / 20: { | ||
/ security-level / 261: 3, / secure restricted OS / | ||
/ submods / 266: { | ||
/ first submod, an Android Application / | ||
"Android App Foo" : { | ||
/ security-level / 14: 1 / unrestricted / | ||
/ security-level / 261: 1 / unrestricted / | ||
}, | ||
|
||
/ 2nd submod, A nested EAT from a secure element / | ||
"Secure Element Eat" : | ||
/ an embedded EAT, bytes of which are not shown / | ||
h'420123', | ||
h'420123', / TODO: make this real / | ||
|
||
/ 3rd submod, information about Linux Android / | ||
"Linux Android": { | ||
/ security-level / 14: 1 / unrestricted / | ||
/ security-level / 261: 1 / unrestricted / | ||
} | ||
} | ||
} |
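Review bot: the `"Secure Element Eat"` value is now `h'420123', / TODO: make this real /` while the comment line above it still says the bytes are not shown, so the example ships with an open TODO and a placeholder that is not a real nested token. Either supply real embedded-token bytes or drop the TODO and keep the "not shown" wording. Separately, `/ security-level / 261` appears three times here although the label list in this PR no longer has a `security-level-label` entry and commit 001af7b removes security-level from early allocation; confirm that 261 is still the intended key for this example.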
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
$$claims-set-claims //= ( | ||
hw-version-label => hw-version-type | ||
hardware-version-label => hardware-version-type | ||
) | ||
|
||
hw-version-type = [ | ||
hardware-version-type = [ | ||
version: tstr, | ||
scheme: $version-scheme | ||
] |
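Review bot: the rule now references `hardware-version-label`, but the label list changed in this same PR still defines `hw-version-label = <TBD26>`, so as far as the visible hunks show, the new name has no definition. Rename the entry in the label list to `hardware-version-label` as well, or keep `hw-version-label` here, so that both files agree.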
This comment is placed as the top comment of a batch review and serves as a kind of introduction to the review.
In general, I am under the impression that a significant source for debate is the undifferentiated use of the defined sets of Claims in both EATs that reflect Evidence and EATs that reflect Attestation Results.
Additionally, I am not clear about how an EAT shall express that its content is either Evidence or Attestation Results. Adding to that, I am not clear about how an EAT shall express the identity of the responsible Attesting Environment of an Attester or the responsible Verifier that produces the Claims and puts them into the corresponding RATS Conceptual Message (except implicitly due to the key material used for signing, which might not apply if UCCS or UJCS are used and nesting EATs are conveyed).
To reiterate, the more I try to compose RATS Conceptual Messages via the current Claim definition provided by this document, the more my doubts concerning the feasibility of the entire approach increase. I am not clear on how to compose useful and unambiguous EAT with the current definitions, tbh. To illustrate my confusion, I selected the very first issue that came to mind for each Claim definition that is covered by this PR.
Analogously, each following comment of this review batch is targeted towards a single Claim in the set for early allocation, specifically. The Claim-specific comments are associated with draft-ietf-rats-eat.md.