Re: [Cbor] To be signed with packed CBOR
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 04 August 2020 19:30 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA573A1128 for <cbor@ietfa.amsl.com>; Tue, 4 Aug 2020 12:30:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fkZ2G4876FnE for <cbor@ietfa.amsl.com>; Tue, 4 Aug 2020 12:30:45 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01B3F3A111A for <cbor@ietf.org>; Tue, 4 Aug 2020 12:30:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id C814938996 for <cbor@ietf.org>; Tue, 4 Aug 2020 15:10:05 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id wP0vD1VRIAKi for <cbor@ietf.org>; Tue, 4 Aug 2020 15:10:01 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4E63138991 for <cbor@ietf.org>; Tue, 4 Aug 2020 15:10:01 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 871E11F7 for <cbor@ietf.org>; Tue, 4 Aug 2020 15:30:39 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: cbor@ietf.org
In-Reply-To: <6E7FE97D-3333-43E7-8BD2-D1554796E774@tzi.org>
References: <04b501d6685b$932fbbe0$b98f33a0$@augustcellars.com> <24290.1596475304@localhost> <6E7FE97D-3333-43E7-8BD2-D1554796E774@tzi.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 04 Aug 2020 15:30:39 -0400
Message-ID: <16372.1596569439@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/B82fsyMz5Alzn0XI3djJ2vCF5Go>
Subject: Re: [Cbor] To be signed with packed CBOR
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 19:30:47 -0000
Carsten Bormann <cabo@tzi.org> wrote: > On 2020-08-03, at 19:21, Michael Richardson <mcr+ietf@sandelman.ca> wrote: >> >> I really think one needs to sign the packed content. > Generally, we don’t sign the content (XMLDSig anyone?), but the > message. And that was packed. (And the whole point about packed CBOR > is that you may never need to fully unpack it.) So we are all in agreement. > The signing input does not need to be limited to that. So if there is > an external context that provides, e.g., dictionary IDs, I would expect > that to be part of the signing input (where the “ID” needs to uniquely > identify an immutable dictionary for a signature, either by hash, or by > registry). We both agree that dictionary IDs (or hashes) have to be part of the signed content. But, are you saying that dictionaries used would be visible at the COSE level, such as in the protected bucket? I would think it's part of the signing input, because it's part of the "tag-6" structure. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Cbor] To be signed with packed CBOR Jim Schaad
- Re: [Cbor] To be signed with packed CBOR Brendan Moran
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Carsten Bormann
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Carsten Bormann