IETF Logo Mail Archive

Re: [Cbor] Deterministic CBOR as a possible DISPATCH item

Laurence Lundblade <lgl@island-resort.com> Mon, 06 March 2023 18:23 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4757C151AE2 for <cbor@ietfa.amsl.com>; Mon, 6 Mar 2023 10:23:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ub6zM9g1-p0V for <cbor@ietfa.amsl.com>; Mon, 6 Mar 2023 10:23:06 -0800 (PST)
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2070f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eb2::70f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1244C14EB14 for <cbor@ietf.org>; Mon, 6 Mar 2023 10:23:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AQIn0O8c3T81CKXvQ4XEqPgFzWVZfk8pF6aYnTKE6E23tLCOQsmsdsKbSQIigDzmTjIvLhZDSS1dyX0ymcIQYiJeE9dIsSSjpP1cqLuZanR/eQWYpcRA/LTGVfY/PH38EPztiUw9CNrHh+XfVsorecvS8WUvOmX07hCb7Cnse+6pXxqO4hOmWJeNl5Fs07/Hff2mkRm4+4svwL3tBgzKLCZ1edd9nC5b/St0TLckCfwNAVgbuT7Y9/eCzZt83azhVkb9wTUcCnl6fVugcyrcrCIq2BLxgFf24HOVJZAFr33ztQYrv0XmxGtkVeJMt5QSgfGkO+vP7Wv8WOFeVWLDEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SGtVIfLg9yZxVLR0xTGneDVi0BKn7ZTTQqTZjoZ1LKs=; b=I/6jGGm9tG6nMAw/3Po8xTNFRes7XBt3+05j1nP2evjGfgx8f80diAdt11hJx3//kArzY3n8sJOgwqc+FK0hNdodg712NNAe695CxuW4U8nVxAHFO28AjqN+xSRPcqWQO41D5kvki+U22L9OKODCBmKLK2tFP/eOAeq1aqFvFkmiplxzViL8EC6TII59pCCWLXIGjfECEZ4b0IgstE7pvf9vjyPB4MM8k6yNVZpHmCWN+iR34iDvI8y3EAkNg3FbuPMaF9Qg9mh9cbIIEjoewWh5b3nSJJNzXATXT7znBNt32IyMfUdUpzN2oBOOaoygXyo6RahLKB/xASUcYf2Atg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by SJ0PR22MB3191.namprd22.prod.outlook.com (2603:10b6:a03:3ee::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.28; Mon, 6 Mar 2023 18:23:00 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::1aae:283a:d7b:3d58%3]) with mapi id 15.20.6156.027; Mon, 6 Mar 2023 18:23:00 +0000
Content-Type: text/plain; charset="utf-8"
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <3D57170C-61E4-4192-8B5F-120134ADA964@tzi.org>
Date: Mon, 06 Mar 2023 10:22:55 -0800
Cc: Wolf McNally <wolf@wolfmcnally.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, cbor@ietf.org, Christopher Allen <ChristopherA@lifewithalacrity.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F16409C6-81FF-4C99-A465-0BE1C07AD603@island-resort.com>
References: <A9CF043D-4FA9-48D4-B953-3BE7AA40D1E0@tzi.org> <D25A0C94-ADAD-4C3D-8669-AA7FE9A6B3C4@wolfmcnally.com> <FA0E2D22-37F4-4C27-B5F5-E841D13EF0CF@tzi.org> <1DA00A88-64DF-48FD-B03E-10B520934DD2@island-resort.com> <3D57170C-61E4-4192-8B5F-120134ADA964@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-ClientProxiedBy: SJ0PR03CA0273.namprd03.prod.outlook.com (2603:10b6:a03:39e::8) To PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PH7PR22MB3092:EE_|SJ0PR22MB3191:EE_
X-MS-Office365-Filtering-Correlation-Id: 7c77422f-24d2-4f31-eaec-08db1e6fd0e5
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: vXf0+1XLoLw7XljTN7TZyYU4EgpfVIvVj5L7Pivh42oGG/jIQWSU6B0nFU3C64ZpQpirPCsrk1j2LtOFFspqcAZn1NIonM4lNWHomYsiUoFeMroiehqxdEJxNNQZeYMw46eLGGMxY1M9lISnHILK7Go50SW/fssEMBIGrUypE+wad0gcKpwRpbZLJMU8nfew/so+7qPnaHUIFQgIpiMcEtM4Z+9gHKBbgSsqnHl6st+kS24FShkxFBdAsEDTm2V7BlFrqIVy4f6uHOZBDFWRfTLeDVOoh2hl7422UNDh5RfZdlznDO6vH7jMxU29kbJ1Re3KgcAMSdUlGzG1ApLsBYjRk9AwBUWEu32Y0deJc1ZQlM4HmGyIDohn/Vv9D4Niule+POVkJwUcg4AcESJ5OQsMciC1/m2mRQZ3RZPSeR2YikQouE/Ddw00nv7LsrKo2xn4hrnHbm3c2B4D1MFRtHlkT8falKXKXnfJYJ9S4l3Xs1wRbAyu1gX0PzJ6QCsYxW6rifxVg8ZppA34MQSdwbln1fFCIVAU6uCJBf+tEw9ScKIntXjeCoq27myoXF9MTUC1bl2jxnsTdT/o0ANu2M800qDTgabOA05XYhIT6BkEZvCYyeCjABk4OVAqvacGd0UUho90Vg26CAgbpnQ1R6Yg1QIyRAQ1J0iRXq6r5M7egEJjYWmphyDl3+YcVy3ecClS8kIFi2tnijdxeD5GTg+dvu9ZGrz2DXlzfL8Sl5I=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR22MB3092.namprd22.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(396003)(39830400003)(346002)(376002)(136003)(366004)(451199018)(54906003)(36756003)(6486002)(316002)(83380400001)(86362001)(33656002)(186003)(5660300002)(2906002)(66476007)(8936002)(66556008)(6916009)(66946007)(4326008)(8676002)(41300700001)(478600001)(6512007)(6506007)(55236004)(6666004)(2616005)(53546011)(26005)(52116002)(38350700002)(38100700002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: gF7Nk3kU1JRbM5XpsUDHT+l1AfZzpWHjzJF9iAx2m9V8Oys3d8Cy+IMrVqZ178jVCTlXBvRDu0USQPB+C6Di/j9NpgRHLF3KVRtY/MyrbILG6CHss92XR/4DFgu0uMH198dnTFjHS34fVJ0RaOjic+1QEajyY7v+f6uWb1M7HiEdFWyKjdZgqDTQTy52/r+KNaI4NIkcp1eQgaq448ql9uUp8nmbBD0W7y4XT4n2mr3bpEChRi9Xvk42jUw6E83jIAOsMefhi7fMiy2WC/I7MQpzcjms/LZl776gZVPS/LgalnGXYhF22Dec+RO1HU0QFL7scadfaVJBRcgeDD7ukO/kn+xerPHWLBvxOxj8No1K58xEtgkL6xtWZspM6WanirkWPaFpqUuW2JbNeiOKRldY7Bg3ijnUv2Kz6Berc/W8dfPopfmmQq70N62xaQ0rMejrO12hB6T4Mv5CpYsuPPOXlBe7Z0TiGgmNIPSh/N1p0mtRfNLB2nsnNO2PXFTqrznC8fnIqRHlAJTI2KUoSKPm3Qqu1gtPy5Q7/G/Xy26liQVCYRJ/MYY/vQq2xb3l7YEA/2kI62zApl48tc2QFFK1Cp1g04fKmSnleKaArGekBDBfo2+kgvvn7LUDFP5MZmaFG2RzZe/VgDj2kFttf+fSK3/7MA30hObi1oSwABs7ojIOTDyc8MvKFMm2p4zI3GKRWqpANFCgztq9IHwvmSUUxDbfE9vyf+Cz59kmpWszodPwE6lhTyLDaYgppbnXZbv3K5NoxQC6cvpY8FgQKqeyGDsiCcWJSuPnaWUFZeC5C3csj512/MRVhd3UQWLKc7M8rzBlYewjN2Uj6a+6w8oz1G/JGQ1NhHSciJ4r/ltVnSdFbbotNaxlAgtXTlsWNLEzbv5ocV+C+keAIgW8/bLFnE3B9d45GDya9kc592zs7sNhG+ASqge2dJfSVZUJAD4YyQfUqzMncU0hEyidE1wmi4ZavwU+lMuT2WPLzx1AxUqQHYJc4XtuCtTE3X4oxvM9BTkOoh1YdZWx1rVn01FlMqb6iYDbH2FsnmmC9DNi2lN1q632MStB6/0yjGwO9oyQWnq0JUvgaBkjSB6hzz0Nn5BVXubXI6GOmKU73Sm6GGas4zDpE3AeKR1Gzsm9nH9CJVTEZvMAxwszpc+jhjQAryLqx+3TE8K/4zySzCzVUn/Poxx37TT7tei56rnTvHCl7lArgM3tmZEJSkucKfcOkwS2M6y69zyV/kOr9KTDZCy2MEEYgjQvyYyWyCw79/jOVk5JfdhoaGAPpjitVkEpT9d2k5gkhDmmSlQW/BBBWjyoE0YfBxSS2AlqDu3RD8rYGkrbkzUDmmHHVhE7B7yh8XAuG2ipDb6e2yz96Pj49oT22VJfIqtCIzX0QWNoqAzRFhxjRynvTHdBjdyvAQnNYWVa9ThEUxl8KvXqIyNJ23wMsWg18Q/fx62MKtDKPx0s+axOWJRzcyLqI955NQv4ybmm2400I7HzScu2tXDmGSTka/mGTIzhQzHwSSWqkx0LicPHalC9yT3dnFJmRbLCK4bGXXmMadfDV11NTO9vL47Pn6d7ygrjqyMfzhB7tfO5X+532e1JT6+H+AoOpQ==
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7c77422f-24d2-4f31-eaec-08db1e6fd0e5
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Mar 2023 18:23:00.0019 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: V5SGuNLuOlzNxUvclkTE6tjvKMVfQYQFAoFlpDu+e5YcplqfMA4Z4XhW95ELUPd0KPd+vPlQ8SMN0rPVHsN8HA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR22MB3191
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/7ME_j8Yv8kQRT42aBvvnjmN1kTI>
Subject: Re: [Cbor] Deterministic CBOR as a possible DISPATCH item
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2023 18:23:06 -0000

> On Mar 5, 2023, at 12:58 PM, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 2023-03-05, at 21:10, Laurence Lundblade <lgl@island-resort.com> wrote:
>> 
>> 
>>> On Mar 5, 2023, at 5:29 AM, Carsten Bormann <cabo@tzi.org> wrote:
>>> 
>>>> Determinism is one such good practice when it comes to creating cryptographically enhanced documents.
>>> 
>>> Determinism is mostly unneeded in interchanged data items.
>>> (It is needed for signing inputs, which are therefore best designed to make determinism inexpensive.)
>>> It still is nice to have, e.g., for test scripts.
>> 
>> I don’t think determinism is required for signing.
> 
> That sentence only works for a weird definition of “determinism”.  
> I think you are confusing this term with “Deterministic Encoding”.
> RFC 8949 uses the terms "Deterministically Encoded” or "Deterministic Encoding” for a reason.  
> There is a limited area of application where that is a useful thing.  
> COSE signing needs the trivial subset of this (Section 4.1), but generally not the full generality of the requirements in Section 4.2, which need more work during implementation and possibly at runtime.
> 
>> When the signed data is transmitted with the signature, then the receiver has the exact bytes that were signed and can verify the signature. For example, determinism is not needed for COSE_Sign payloads.
> 
> I’d rather say “deterministic encoding is trivial” for where it is needed COSE.
> (COSE only uses arrays for building the signing inputs; these need to be deterministically encoded, which is trivial for most encoders as it is identical to preferred encoding; see Section 9 of RFC 9052, which is just a recap of the subset needed.)
> 
>> There are a few rare cases where determinism is needed for signing:
>> 
>> 1) The signed data data is not transmitted. It is instead constructed separately by the sender when signing and the receiver when verifying. The Sig_structure internal to COSE is an example of this.
> 
> The Sig_structure is built from the transmitted data in the following way:
> 
>   Sig_structure = [
>       context : "Signature" / "Signature1" / "CounterSignature",
>       body_protected : empty_or_serialized_map,
>       ? sign_protected : empty_or_serialized_map,
>       external_aad : bstr,
>       payload : bstr
>   ]
> 
> The creation of the encoded data item from this structure is (trivially) deterministic, and needs to be that.
> 
>> 2) The data is transformed in transmit. An example of this email signing like S/MIME because the old email protocols are text-based and change line endings and such. Both the sender and receiver have to be able to construct the same canonical representation because you can’t rely on the transport to not change it. I don’t think this happens when CBOR is transmitted.
> 
> That happens below the representation format layers we are concerned with here.
> 
>> So to me, CBOR determinism is technically only needed in rare circumstances.


Here’s a simple protocol to show that deterministic CBOR serialization is not required for signing.

In this protocol, a CBOR-encoded integer temperature reading is signed by a sensor and sent to a server. Some temperature sensors always serialize to a 64-bit integer, others a 32-bit integer and others use preferred encoding. There is no requirement that the integer be sent with a particular CBOR serialization (but there is a requirement the server be able to decode all integer forms).

The signature scheme here could be anything that can carry a payload — COSE, CMS, PGP, TLS or other — it doesn’t matter.

The signature verification is always possible because the receiver has the exact bytes that were signed. The signature verification would succeed even if the CBOR was not well formed.


That said, it looks to me that the Gordian Envelope is much much more complicated than just signing some transmitted payload. I would say something like “Gordian Envelope is a complicated cryptographic protocol that involves data in transit, data at rest plus modification and manipulation of CBOR-represented data. To make it work deterministic encoding is needed” — very different from the blanket statement that “deterministic CBOR encoding is required for (all) signing (in the known world)”.


> 
> For your definition of CBOR determinism…
> See above.
> 
>> All that said, I can still see why it might be good to have something like dCBOR standardized in a way that 8949 doesn’t. Sometimes it is nice to be able to do a binary comparison of two encoded structures.
> 
> If you want to do this, you indeed need deterministic encoding.
> (And, as I said, that is quite useful in test scripts.
> So if you don’t need the performance of simple preferred encoding, go ahead and make everything deterministic.)
> 
>> The variability in CBOR serialization does seem to cause a lot of discussion and confusion (e.g., in work on EAT). Because of the variability, there isn’t guaranteed interoperability between CBOR implementations.
> 
> You keep saying that...
> 
>> I’d speculate that this is slowing the adoption of CBOR.
> 
> There is way less variability than, say, for JSON.

Yes, but that doesn’t mean my speculation is incorrect.


…


>> P.S. I am not opposed to fixing QCBOR encoding of subnormals.
> 
> What is wrong with that encoding?
> Your IEEE 754 floating point hardware is likely to already give you all you need to get this right.
> 
>> I just have been working on other things. Note also that QCBOR doesn’t use floating point for half-precision, so the fix is a bit more work.
> 
> Can’t parse this.  How can you not use floating point for half-precision floating point?
> Maybe you are trying to say you didn’t implement half-precision floating point?
> There is code in the RFC you can copy.

This isn’t really of relevance to this discussion. Anders just brought it up. As you said, this can be fixed.

(I chose to implement the conversion between half, single and double-precision float with shifts and masks rather than floating point hardware or a floating-point library. This makes QCBOR more portable. Before I added conversion from bignum, decimal fraction, big float to regular float, it didn’t need any floating-point support at all other than float and double in the ABI. There’s a few corner cases with subnormals that I didn’t complete. I use the code in the RFC for regression tests.)

v2.37.1 | Report a Bug | By Email | System Status