Re: [Cbor] Review: draft-bormann-cbor-packed-00 & SUIT
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 29 July 2020 17:53 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3C1E3A0D7F for <cbor@ietfa.amsl.com>; Wed, 29 Jul 2020 10:53:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XiVQqE5jXjt4 for <cbor@ietfa.amsl.com>; Wed, 29 Jul 2020 10:53:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17DB73A0D23 for <cbor@ietf.org>; Wed, 29 Jul 2020 10:53:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 7E65938A16; Wed, 29 Jul 2020 13:33:05 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8WIu1Cc6ySk1; Wed, 29 Jul 2020 13:33:04 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 244A638A14; Wed, 29 Jul 2020 13:33:04 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id CEF7535C; Wed, 29 Jul 2020 13:53:36 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brendan Moran <Brendan.Moran@arm.com>, Jim Schaad <ietf@augustcellars.com>, "cbor@ietf.org" <cbor@ietf.org>, Carsten Bormann <cabo@tzi.org>
In-Reply-To: <406B6702-3045-4490-8CD0-8E352F924714@arm.com>
References: <5E28C6E2-DFEC-4AF5-96CE-75E8F0927818@arm.com> <01d901d66503$2bbd93c0$8338bb40$@augustcellars.com> <7216D806-3473-463E-B6F2-AD8724AC56C6@tzi.org> <021e01d66535$57827d90$068778b0$@augustcellars.com> <406B6702-3045-4490-8CD0-8E352F924714@arm.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 29 Jul 2020 13:53:36 -0400
Message-ID: <24543.1596045216@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/3z5Cni6r2FEekOG8Mh-MH5j6QRc>
Subject: Re: [Cbor] Review: draft-bormann-cbor-packed-00 & SUIT
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2020 17:53:44 -0000
{please note that this converation is incomprehensible unless you render the HTML, so the archives are be useless. I feel that this thread should be in the SUIT WG too, but I won't CC because catching up will be hard} Brendan Moran <Brendan.Moran@arm.com> wrote: > My intent was to verify first, then unpack. This is because the > unpacked structure never exists, in its entirety, in memory. If you > have to unpack straight into the digest algorithm in order to verify, > you introduce a TOCTOU problem. If you verify first, you at least have > a static, verified object. I agree. I would write the encoder "sign the packed structure" (so decoder we verify first, then unpack...) I like this because it means: a) a third party can verify the signature without having the dictionaries. Clearly it can't audit the contents without the external dictionar(y/ies). b) at this point in the specification I'm unclear if multiple passes of the unpacked content is required. But, if we did want to permit such self-referential things, the decoder could wind up decoding infinite things. Such a thing ight be a desireable feature! We could accomodate such a thing if with sign the packed structure, because the decoder would know it's authentic before it tried to expand. > This could be an even harder question to ask with the use of an external > dictionary. There is one potential benefit w/ COSE in that the hash of the > dictionary could be included as external data. i.e. it could go into the protected bucket. > The problem with this approach is dictionary selection. We need some > way to hint a dictionary identifier if it’s not obvious. This could be > a tag, an element in the Tag 6 array, some kind of OOB signal, or > something else. I think it needs to be in the tag 6 array. cabo> There are two aspects here: cabo> — how do we make sure the external dictionary cannot be surreptitiously cabo> exchanged by an attacker > This requires some sort of security mechanism. Using a COSE feature > that includes additional data is not ideal in SUIT because we support > COSE_Sign, COSE_Sign1, COSE_MAC, or COSE_MAC0, or any combination > thereof. This would mean that a COSE feature that includes extra data > would be duplicated for as many COSE objects as are included. Of > course, that’s not particularly relevant if the list of COSE objects is > also using packed CBOR, so maybe it’s fine. > Including a dictionary reference as AAD seems fine to me. In the SUIT > case, I think I would make it more explicit because we need to identify > which external dictionary to digest. cabo> — how do we make sure there is an unambiguous cabo> way to integrate the external dictionary/-ies into the prefix and sharing tables? > We need to (logically) concatenate the dictionaries together. The question is: which order? > From a pull parser perspective, I think I would suggest a stack-based model: > - Each dictionary is an element in a singly linked list. > - When you encounter a new dictionary, you push it onto the head of the list > - When you finish a rump element, you pop the dictionary associated > with it from the head of the list. > - When you find a dictionary reference in the rump, you traverse the > dictionary list, starting at the most recent. > - When you find a dictionary reference in a dictionary element, you > traverse the dictionary list, starting at the current dictionary. Implying that dictionaries can be created that are self-referential, and can blow up to infinite data streams :-) Unless you mean that dictionaries should be sorted so that they always (can only) reference forward, and you can start at the current location in the current dictionary. > This has several advantages: > - It’s compatible with including a packed CBOR object inside a packed > CBOR object without rewriting any references. > - The data model for dictionary traversal is fairly simple I agree. > It has several disadvantages: > - References have inconsistent meanings (Tag 6 (1) doesn’t mean the > same dictionary entry everywhere. It points to different dictionaries > in different places) > - The stack model requires some kind of allocation strategy to keep > track of the dictionaries. It's a stack of pointers. It can point at the in-band dictionary which can be processed by a pull-parser. Or at an out-of-band dictionary which is probably in "ROM" in some convenient format (probably CBOR map) > - The compressor has to be aware of the dictionaries of packed CBOR > objects it traverses in order to pack anything that appears within an > already packed CBOR object. In the SUIT case, the compressor is "cloud" :-) > However, this may be naive as well. It implies that there is only a > list of dictionaries that applies at any point, rather than a > tree. This is probably accurate when looking at nested packed > objects. It might be more of a problem with external dictionaries. > I think that external dictionaries *outside* an authentication object > probably don’t require authentication, since the authentication object > itself will naturally verify these data. However, any external > dictionary represented *inside* an authentication object MUST also be > authenticated. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Cbor] Review: draft-bormann-cbor-packed-00 & SUIT Brendan Moran
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Jim Schaad
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Carsten Bormann
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Jim Schaad
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Brendan Moran
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Michael Richardson
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Brendan Moran
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Michael Richardson
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Brendan Moran
- Re: [Cbor] Review: draft-bormann-cbor-packed-00 &… Michael Richardson