Re: [Cbor] Deterministic CBOR as a possible DISPATCH item
Laurence Lundblade <lgl@island-resort.com> Mon, 06 March 2023 21:41 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/5WywF6z0Thvoiyn5Cw_c5LjcNss>
> On Mar 6, 2023, at 12:45 PM, Carsten Bormann <cabo@tzi.org> wrote:
>
> On 2023-03-06, at 19:22, Laurence Lundblade <lgl@island-resort.com> wrote:
>>
>> Here’s a simple protocol to show that deterministic CBOR serialization is not required for signing.
>
> A significant design decision of COSE was not to require onerous forms of deterministic CBOR to compute the signing input — for the subset of CBOR used for that, preferred encoding is sufficient. Note that for this subset, preferred encoding *is* deterministic encoding.
>
> Of course, you can compute the signing input using some other form, but why would you? Preferred encoding is already available to you and its use reduces the attack surface.
>
> Of course, if the signing input is generated (e.g., from data at rest) in a more complicated way than COSE does, full deterministic encoding can be useful.

Maybe the misunderstanding here is cleared by this distinction?

1) Signing input to the final signing algorithm (e.g. ECDSA+Hash, EdDSA,...) — the Sig_structure. It is deterministically serialized because the sender and receiver serialize it independently. It is never transmitted. This is internal to the design of COSE, is all good and well and is only of consequence to implementors of COSE internals (like me).

2) The COSE_Sign payload — This doesn’t have to be serialized in any particular way, doesn’t have to be well formed and doesn’t even have to be CBOR. It is transmitted so the receiver has exactly what the sender had. This is what my temperature sensor example was about.

Maybe you are talking about 1) and I’m talking about 2)?

To go further and kind of wrap the discussion around in a weird way, it seems to me the dCBOR folks are talking about payload as in 2), BUT they have situations where the payload bytes are not transmitted like 1).

LL
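The distinction drawn in the message above, as an added example that is not part of the original e-mail or of any COSE library: both sides rebuild the Sig_structure independently with preferred encoding, while the payload is carried as opaque bytes. Assumptions: the COSE_Sign1 form of the Sig_structure is used, HMAC-SHA256 stands in for ECDSA/EdDSA because the Python standard library has neither, and the key, header and payload bytes are constructed.

```python
import hashlib
import hmac

def head(major: int, n: int) -> bytes:
    """CBOR head with the shortest (preferred) argument encoding."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def bstr(b: bytes) -> bytes:
    return head(2, len(b)) + b

def sig_structure(protected: bytes, external_aad: bytes, payload: bytes) -> bytes:
    """["Signature1", protected, external_aad, payload]; built locally, never sent."""
    context = "Signature1".encode("utf-8")
    return (head(4, 4) + head(3, len(context)) + context
            + bstr(protected) + bstr(external_aad) + bstr(payload))

def sign(key: bytes, protected: bytes, payload: bytes) -> bytes:
    # Stand-in for the real signature algorithm (assumption: HMAC-SHA256).
    return hmac.new(key, sig_structure(protected, b"", payload), hashlib.sha256).digest()

def verify(key: bytes, protected: bytes, payload: bytes, sig: bytes) -> bool:
    # The receiver rebuilds the Sig_structure from the payload bytes as received.
    return hmac.compare_digest(sign(key, protected, payload), sig)

KEY = b"constructed-demo-key"            # constructed
PROTECTED = bytes.fromhex("a10126")      # constructed header map, not interpreted here
PAYLOADS = {                             # constructed payloads, carried as opaque bytes
    "preferred": bytes.fromhex("a1011848"),          # {1: 72}
    "non-preferred": bytes.fromhex("a11900011848"),  # {1: 72}, key 1 as a 2-byte uint
    "not-cbor": b"temp=72F",
}

def demo() -> dict:
    results = {name: verify(KEY, PROTECTED, p, sign(KEY, PROTECTED, p))
               for name, p in PAYLOADS.items()}
    # A receiver that decodes and re-encodes the payload before verifying no
    # longer has the sender's bytes, so the check fails.
    sig = sign(KEY, PROTECTED, PAYLOADS["non-preferred"])
    results["re-encoded"] = verify(KEY, PROTECTED, PAYLOADS["preferred"], sig)
    return results

if __name__ == "__main__":
    print(demo())
```

The last case is the situation the message attributes to dCBOR: once the payload bytes are not the ones the sender had, both sides need a deterministic encoding of the payload itself.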