Comments (5)
The link to mailarchive doesn't appear to show messages related to this issue. Difficult to get context. My feedback related to levels is there isn't a clear use case or security model for the levels defined here. For example, the Bell-LaPadula security model defines security levels which are meaningful in that context. However, it isn't possible to map the levels defined in EAT because BL levels also have compartments and require a TCB boundary definition. These elements are not defined by EAT.
from eat.
The right link to the previous discussion that seems worth reading.
https://mailarchive.ietf.org/arch/msg/eat/cCalQh6WIePUYgZr_amp6FfOHc4/
from eat.
This claim is oriented around resistance to attack. There seems to be some consensus around that in the discussion in the mail archive. This claim is also in line with other efforts like that in FIDO.
https://mailarchive.ietf.org/arch/msg/eat/cCalQh6WIePUYgZr_amp6FfOHc4/
Bell-LaPadula doesn't seem to be about resistance to attack and doesn't seem useful here.
from eat.
The proposal for this open issue is to reduce to three security levels from four.
Alternatively we could go to five by adding a "system services" level that is roughly equivalent to root on Linux.
from eat.
Fixed by #116
from eat.