Laurence Lundblade <> Thu, 16 December 2021 18:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D61993A0E53 for <>; Thu, 16 Dec 2021 10:58:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Mia6z4rROAIh for <>; Thu, 16 Dec 2021 10:58:49 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 713563A0E57 for <>; Thu, 16 Dec 2021 10:58:48 -0800 (PST)
Received: from [] ([]) by :SMTPAUTH: with ESMTPA id xvxnmvZzRffcCxvxomhuq9; Thu, 16 Dec 2021 11:58:48 -0700
X-CMAE-Analysis: v=2.4 cv=e8HD9Yl/ c=1 sm=1 tr=0 ts=61bb8c68 a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=IkcTkHD0fZMA:10 a=l70xHGcnAAAA:8 a=K6EGIJCdAAAA:8 a=KFEQp-AZ9d-iabaY9fUA:9 a=QEXdDO2ut3YA:10 a=JtN_ecm89k2WOvw5-HMO:22 a=L6pVIi0Kn1GYQfi8-iRI:22
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Laurence Lundblade <>
In-Reply-To: <12621.1639667925@localhost>
Date: Thu, 16 Dec 2021 10:58:47 -0800
Cc: "" <>, cose <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <9912.1639076050@localhost> <> <12621.1639667925@localhost>
To: Michael Richardson <>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfGamNMVIkCj2I9KOmAKbGh/Z3u0MeUmUPZusjywpVKKOukZ56PoGkRYs0Hq7VK/wy9r99n/g5mp6FcQMKvchV3xyJ2q91AoJ1OpxKSiyPArn212G5w+x pbzS6mtXE5XLEaBqFriAZF6NAK52nLRlBhSYU2+gzbylLHJ5UtyFG8w02bSZ+HHV41lr7pJ1obt2ZSqc/dH99wXmo+kv5IKK04521LfXGunPBf+K7X4Svh0b rls9ux7gkLKJ7C470UtbHw==
Archived-At: <>
Subject: Re: [Cbor] [COSE] CDDL for COSE + EAT/CWT + SUIT + CoSIWD
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 16 Dec 2021 18:58:55 -0000

On Dec 16, 2021, at 7:18 AM, Michael Richardson <> wrote:
> Laurence Lundblade <> wrote:
>> For example, I find what CoSWID does awkward:
>> - Replicating code and definitions generally seems poor practice
>> - It excludes the possibility for encryption
>> - It doesn’t define what EAT needs, a signed or unsigned message that
>> is always a tag, somewhat motivating me to replicate/author CoSWID CDDL
>> in EAT.
> I think that this is because we haven't gotten a library/public-include
> system for CDDL.  So the urge is to make documents self-contained.

It didn’t replicate all of the COSE CDDL, just the parts to enable control of the headers and to allow specification of the payload with .cbor.

It did replicate not enough to be self-contained, so I don’t think that is the reason.

Also, it doesn’t just replicate the CDDL, it modifies it! This is so the CDDL also controls some of the COSE headers. (Again, I find this odd and awkward; CWT and EAT don’t try to control the COSE headers).

I think the reason is so the CDDL specification is more thorough and covers more of the CoSWID protocol. It is so prose is not relied upon for these.

It is also a cool use of CDDL templates.


Note, that I have replicated COSE CDDL in the EAT document build system so I can do thorough CDDL validation of the EAT examples, but it is not part of the published document. I’m also using curl to fetch CoSWID and SUIT CDDL for this. All of this is because we don’t have a scheme for publish/reference, #includes and such. If all this broke because the URLs changed or the CDDL in CoSWID CDDL in GitHub was refactored or such, all that would break is the CDDL validation. The EAT document and building of the EAT document doesn’t rely on any of it. (Thanks Thomas)