Minutes interim-2022-rats-02: Mon 08:00
minutes-interim-2022-rats-02-202209120800-00

Meeting Minutes Remote ATtestation ProcedureS (rats) WG
Date and time 2022-09-12 15:00
Title Minutes interim-2022-rats-02: Mon 08:00
State Active
Last updated 2022-09-12

RATS virtual interim notes
September 12, 2022

•       Review of EAT blockers

        1)  UEID uniqueness guarantee (secdir): Ned recapped the secdir
            review and the response and asks if it is an issue. Guy notes
            it’s a common approach and should be non-controversial. This
            was seconded.

        2)  Self-asserted claims (secdir): Ned recapped the secdir review
            and the response and asks if the assertion that the
            architecture draft addresses this is sufficient. Lawrence
            seconds that the architecture document covers this and that a
            reply was sent to secdir reviewer. Dave Thaler agrees with
            Lawrence (in chat comment).

        3)  Security Level (secdir): Ned recapped the secdir review
            relative to security level claim. Lawrence noted security
            level has been removed.

        4)  Format vs protocol (secdir): Ned recapped secdir review
            relative to protocol vs format. Lawrence noted that the
            language is more clear in -15. Dave notes that the text in -14
            is inconsistent. This will need to be reviewed and made
            consistent (if not already).

        5)  Profiles (iotdir): Ned recaps the iotdir review’s issue with
            use of profiles and questions whether profiles are the way the
            working group wants to proceed. Dave Thaler notes profiles are
            not without precedent, and suggests it’s fine for this group
            to use profiles. He also notes there are several profiles
            already discussed or underway. Michael Richardson notes in
            chat that he does not care for the profile concept. Lawrence
            notes that the use of profiles here is not really very
            different from what already exists with CWT and COSE (in terms
            of variability). Michael would prefer for the draft to focus
            on common claim definitions. He suggests profiles are too
            long. Dave notes he has written a profile and found EAT to be
            useful and that his profile was roughly 1 page. He gives a
            thumbs up to the profile language. Ned asked if there is a
            lowest common denominator without a profile. Dave noted he
            thinks there is no interop without a profile for the reasons
            Lawrence noted. He provides a clear example to support this
            point. Kathleen supports Eliot’s suggestion that IETF culture
            favors set of mandatory to implement vs. profile approach.
            Giri notes that issue is really inherited from an underlying
            spec, which was approved as an RFC already. Dave notes he
            thinks the design decision was correct. More discussion re:
            CWT, etc. and fact that EAT is more up front about interop
            challenges.

        6)  Section 4.1 (iotdir): Review of comment re: nonce. Lawrence
            notes the calculation re: max size required is present in the
            draft.

        7)  Section 4.2.1 (iotdir): Review UEID length comment. Lawrence
            notes the math in the comment was not correct. Ned notes that
            math notwithstanding, is the wording clear enough? Lawrence
            notes some wording has been changed in -14 to address this.

•       Did not get to these items.
        9)  Section 4.2.6 (iotdir):
        10) Section 4.2.8 (iotdir):
        11) Section 4.2.15 (iotdir):
        12) Section 4.2.16 (iotdir):
        13) Section 9 (iotdir):
        14) Minor Issues and nits:
        15) Comments from Hannes Tschofenig:
        16) Comments from Michael Richardson:
        17) Extensibility, sockets, registry:
        18) Security level (summary):
        19) Endorsement relative to Evidence:
        20) Issues from GitHub:

•       Milestones

        ◦   Architecture is working its way through IESG
        ◦   Charra and RIV are in RFC editor’s queue
        ◦   EAT as just discussed. Some issues left to resolve/review in
            next version.
        ◦   AR4SI has some open issues in GitHub
        ◦   Adopted CoRIM and media types
        ◦   DAA needs more reviews
        ◦   Network device subscription waiting on YANG review results
        ◦   Unprotected CWT draft is still being worked
        ◦   Interaction models is on version 6, need to check with authors
            for WGLC
        ◦   CoTS and EAT collection types had calls for interest.
            Sufficient interest was received. Needs some discussion re:
            keep CoTS in RATS vs elsewhere. May do a poll then take up on
            mailing list. Waiting on some comments from Thomas re:
            collection types.
        ◦   CoRIM is targeted for WGLC in November, but that may be too
            early. Propose sliding back to March. WGLC for current items
            targeted for November.
        ◦   Out of time. Call for adoption for CoTS will be posted to the
            mailing list. Dave notes a re-charter may be needed for CoTS.
            Kathleen notes attestation sets should be in the WGLC list as
            well.