Re: [Cbor] To be signed with packed CBOR
Carsten Bormann <cabo@tzi.org> Mon, 03 August 2020 22:24 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E14803A0CF1 for <cbor@ietfa.amsl.com>; Mon, 3 Aug 2020 15:24:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Level:
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9D5IL8jsQqpf for <cbor@ietfa.amsl.com>; Mon, 3 Aug 2020 15:24:53 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AC363A0CB0 for <cbor@ietf.org>; Mon, 3 Aug 2020 15:24:53 -0700 (PDT)
Received: from [172.16.42.101] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4BLC9v1430zyTb; Tue, 4 Aug 2020 00:24:51 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <24290.1596475304@localhost>
Date: Tue, 04 Aug 2020 00:24:50 +0200
Cc: Jim Schaad <ietf@augustcellars.com>, Brendan Moran <Brendan.Moran@arm.com>, cbor@ietf.org
X-Mao-Original-Outgoing-Id: 618186289.6268409-2194261e2eeb274e7647d77bc14495a8
Content-Transfer-Encoding: quoted-printable
Message-Id: <6E7FE97D-3333-43E7-8BD2-D1554796E774@tzi.org>
References: <04b501d6685b$932fbbe0$b98f33a0$@augustcellars.com> <24290.1596475304@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/Uxrs4kiuJv_YVzIN1gL_lCJzwBU>
Subject: Re: [Cbor] To be signed with packed CBOR
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2020 22:24:56 -0000
On 2020-08-03, at 19:21, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > I really think one needs to sign the packed content. Generally, we don’t sign the content (XMLDSig anyone?), but the message. And that was packed. (And the whole point about packed CBOR is that you may never need to fully unpack it.) The signing input does not need to be limited to that. So if there is an external context that provides, e.g., dictionary IDs, I would expect that to be part of the signing input (where the “ID” needs to uniquely identify an immutable dictionary for a signature, either by hash, or by registry). Grüße, Carsten
- [Cbor] To be signed with packed CBOR Jim Schaad
- Re: [Cbor] To be signed with packed CBOR Brendan Moran
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Carsten Bormann
- Re: [Cbor] To be signed with packed CBOR Michael Richardson
- Re: [Cbor] To be signed with packed CBOR Carsten Bormann