[Ace] draft-ietf-ace-key-groupcomm / Appendix with generalized format for sign_info_entry

Marco Tiloca <marco.tiloca@ri.se> Thu, 15 April 2021 07:13 UTC

To: ace@ietf.org
Message-ID: <c3825f19-8732-a62c-b229-0862b580eae5@ri.se>
Date: Thu, 15 Apr 2021 09:13:18 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/aRwe1NIKjbHsGqNSaIn4ubtwGcQ>

Hello ACE,

Following the discussion at the virtual interim meeting this week (see 
[1] and slides 4-5 at [2]), I have focused on "Option 2" presented in 
slide 5 of [2].

You can find the changes in the commit at [3], and in the Editor's copy 
at [4] --- see last paragraph of Section 3.3.1 as well as the new 
Appendix B. Having this actually written down should make it easier to 
give any feedback :-)

To summarize, this doesn't change the format of 'sign_info_entry' as 
defined in the document body, and doesn't break any 
profile/implementation of this document.

On the other hand, the generalized format in Appendix B:
- Is both backward-compatible and future-proof with respect to COSE 
algorithms registered in the future, which may have more than only Key 
Type as their algorithm capabilities.
- If used with any of today's algorithms, it yields again the same 
'sign_info_entry' format defined in the document body.

The points above would also apply if "Option 1" in slide 5 of [2] were 
used, but "Option 2" appears to be cleaner, less invasive and not 
conducive to bad usages of the generalized format by profiles of this 
document.

Feedback is welcome!

Thanks,
/Marco


[1] https://datatracker.ietf.org/doc/minutes-interim-2021-ace-07-202104131000/

[2] https://datatracker.ietf.org/meeting/interim-2021-ace-07/materials/slides-interim-2021-ace-07-sessa-ace-key-groupcomm-oscore-00.pdf

[3] https://github.com/ace-wg/ace-key-groupcomm/commit/025e37429b1bf628abc2e6d94892c8cb04846ad1

[4] https://ace-wg.github.io/ace-key-groupcomm/v-12/draft-ietf-ace-key-groupcomm.html

-- 
Marco Tiloca
Ph.D., Senior Researcher

Division: Digital System
Department: Computer Science
Unit: Cybersecurity

RISE Research Institutes of Sweden
https://www.ri.se

Phone: +46 (0)70 60 46 501
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)