Re: [Anima] draft-richardson-anima-ace-constrained-voucher
Jim Schaad <ietf@augustcellars.com> Mon, 30 April 2018 20:33 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D8B8127078; Mon, 30 Apr 2018 13:33:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2EBM53op9ZdE; Mon, 30 Apr 2018 13:33:53 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 482CB1270AB; Mon, 30 Apr 2018 13:33:53 -0700 (PDT)
Received: from Jude (50.252.25.182) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 30 Apr 2018 13:31:19 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Michael Richardson' <mcr+ietf@sandelman.ca>, anima@ietf.org
CC: draft-richardson-anima-ace-constrained-voucher@ietf.org
References: <030601d3de6e$2760f1f0$7622d5d0$@augustcellars.com> <24823.1525115896@obiwan.sandelman.ca>
In-Reply-To: <24823.1525115896@obiwan.sandelman.ca>
Date: Mon, 30 Apr 2018 13:33:46 -0700
Message-ID: <042801d3e0c2$8ba4d8b0$a2ee8a10$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLCkQGC20XMmbNAiHDKQUp73z+Q4wKjAcVIoidJeKA=
Content-Language: en-us
X-Originating-IP: [50.252.25.182]
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/XtYbLyWQMKgzDBFUCP1YqWuq2qs>
Subject: Re: [Anima] draft-richardson-anima-ace-constrained-voucher
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Apr 2018 20:33:56 -0000
I had to go back and double check that I had things right but there is a trick that can be played for the PKCS#7 people. A new content type id-ct-cborVoucher can be defined with the content of "these are the CBOR encoded bytes". That is NO ASN.1 wrapper is included. This works well for CMS The people who are stuck in the old world of PKCS #7 can encode this by using the ASN.1 type of OCTET STRING for this OID. The signature/verification process for them will strip the OCTET STRING type and lengths and just sign/verify the content of the OCTET STRING. This is the same as would be done for CMS. This trick works only if the new content type is OCTET STRING and would fail for any other ASN.1 type Jim > -----Original Message----- > From: Michael Richardson <mcr+ietf@sandelman.ca> > Sent: Monday, April 30, 2018 12:18 PM > To: anima@ietf.org; Jim Schaad <ietf@augustcellars.com> > Cc: draft-richardson-anima-ace-constrained-voucher@ietf.org > Subject: Re: draft-richardson-anima-ace-constrained-voucher > > > Jim Schaad <ietf@augustcellars.com> wrote: > > * In section 1 para #4 you appear to have a formatting error where a list > > was supposed to exist. > > Thanks, I fixed that in the markdown. > > peter van der Stok <stokcons@xs4all.nl> wrote: > >> * Section 5 - you have a return of multiple items with the same rt value. > >> However I would not want to have to filter through the list of return > >> values > >> to figure out which is the "root" one. Should this example have the > >> rt=ace.est attribute on all of the links? > > > The example is an example and people can decide to do it differently. > > Two alternatives: > > - only return the root collection > > - define additional rt values per resource > > > > You have a preference? I prefer the first approach > > I'm not clueful about this part, and generally quite fearful about parsing this > stuff. Sure, it's easy in Ruby, but it's the constrained C code that I'm > concerned about, so I don't understand the tradeoffs here. > > jim> * Suggest a strong recommendation on not use cmsVersion=1 to > make your life > jim> easier. > > In other words: to not be PKCS7 compatible, but require CMS processing. > > I think this is reasonable from a specification point of view, but there has > been pushback from people who have FIPS-140 libraries that they have hard > times getting updated. > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | network architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ >
- Re: [Anima] sending raw public key over the wire Jim Schaad
- [Anima] sending raw public key over the wire Michael Richardson
- Re: [Anima] draft-richardson-anima-ace-constraine… Michael Richardson
- [Anima] draft-richardson-anima-ace-constrained-vo… Jim Schaad
- Re: [Anima] draft-richardson-anima-ace-constraine… peter van der Stok
- Re: [Anima] draft-richardson-anima-ace-constraine… Michael Richardson
- Re: [Anima] draft-richardson-anima-ace-constraine… Jim Schaad
- Re: [Anima] draft-richardson-anima-ace-constraine… Jim Schaad
- Re: [Anima] draft-richardson-anima-ace-constraine… peter van der Stok
- Re: [Anima] draft-richardson-anima-ace-constraine… peter van der Stok