Re: [Cbor] Packed CBOR review

Carsten Bormann <cabo@tzi.org> Thu, 17 June 2021 11:33 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A77AC3A1BD5 for <cbor@ietfa.amsl.com>; Thu, 17 Jun 2021 04:33:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YFcylCF0k1Ja for <cbor@ietfa.amsl.com>; Thu, 17 Jun 2021 04:33:22 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [IPv6:2001:638:708:32::19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 977F93A125B for <cbor@ietf.org>; Thu, 17 Jun 2021 04:33:22 -0700 (PDT)
Received: from [192.168.217.118] (p548dcc89.dip0.t-ipconnect.de [84.141.204.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4G5KgM4SP4z2xH1; Thu, 17 Jun 2021 13:33:19 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <146F670A-48EA-4A90-B77C-4CCC535F1DB1@arm.com>
Date: Thu, 17 Jun 2021 13:33:19 +0200
Cc: "cbor@ietf.org" <cbor@ietf.org>
X-Mao-Original-Outgoing-Id: 645622399.222345-b68f99616412b1606c3d72aac97c4766
Content-Transfer-Encoding: quoted-printable
Message-Id: <6195BD3A-A031-47BD-866E-AF3D4D423A0B@tzi.org>
References: <8713C3AB-71C0-4EC0-8977-15F80EC11309@arm.com> <212CE7EA-73BC-47BF-B192-D2D523F4A376@tzi.org> <33C84949-0F9C-432C-9C94-DE2C9EE17976@arm.com> <3F367A6D-5CAD-474F-AFEE-DF1AC9A34135@tzi.org> <146F670A-48EA-4A90-B77C-4CCC535F1DB1@arm.com>
To: Brendan Moran <Brendan.Moran@arm.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/LeabfX0aNrqJ4fSblD_V-LusN5w>
Subject: Re: [Cbor] Packed CBOR review
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 11:33:27 -0000

> On 2021-06-17, at 13:17, Brendan Moran <Brendan.Moran@arm.com> wrote:
> 
>> How would the hash reference specify the algorithm?
>> (I think CFRG would tell us that collision resistance between algorithms isn’t a well-defined property.)
> 
> We could possibly reuse SUIT digest definitions for this:
> suit-digest = [algorithm-id : uint, digest: bstr]
> 
> If we use a second tag for the reference table setup, this is unambiguous.
> 
> Alternatively, cbor-wg or cose-wg could define tags for common digest algorithms.

I thought COSE did: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/
(in RFC editor queue; registrations already done) did this:

   | Name        | Value | Recommended |
   |-------------|-------|-------------|
   | SHA-1       |   -14 | Filter Only |
   | SHA-256/64  |   -15 | Filter Only |
   | SHA-256     |   -16 | Yes         |
   | SHA-384     |   -43 | Yes         |
   | SHA-512     |   -44 | Yes         |
   | SHA-512/256 |   -17 | Yes         |
   | SHAKE128    |   -18 | Yes         |
   | SHAKE256    |   -45 | Yes         |

Grüße, Carsten