[Cbor] To be signed with packed CBOR
Jim Schaad <ietf@augustcellars.com> Sat, 01 August 2020 23:29 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Brendan Moran' <Brendan.Moran@arm.com>
CC: cbor@ietf.org
Date: Sat, 01 Aug 2020 16:29:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/a34HkbAiDaR7yp9tk-K0fidV31g>
Brendan,

I know that this is currently an academic question, but something you said in the SUIT meeting has me slightly worried. The problem with being the note taker is that you never have any time to mentally go down the channels of ideas that pop up.

One of the things that you said is that the use of packed CBOR would make things better when there are multiple authentication structures on what is basically the same data. The problem is that if you do the packing prior to doing the signature, then you end up in the situation where you need somehow to also include the packing dictionary in the data that is being signed. I don't have enough knowledge of how the manifest works but if after a signing, one can add more information to the manifest and then apply packing to that section which could add more items to the packed lookup tables thus breaking the signatures.

All,

This is one of the reasons that I was asking questions about doing the signature on a packed or unpacked version of the data. The idea of adding things which might alter the lookup tables at the root means that you have problems knowing that what was signed is what is validated without doing things like walking the content to extract a new pair of lookup tables to include as part of the signed content.

Jim
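The concern in the message above, as an added example that is not part of the original post: a toy model of table-based packing that compares signing the packed body alone, the packed body plus its table, and the unpacked data, after a later step adds a table entry. Assumptions: the `{"$ref": n}` reference form, the JSON serialization, the HMAC standing in for a real signature, and the manifest values are all constructed for illustration and are not the packed CBOR or SUIT encodings.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key

def sign(obj):
    # HMAC over a deterministic serialization, standing in for a real signature
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify(obj, tag):
    return hmac.compare_digest(sign(obj), tag)

def pack(v, table):
    # Replace every value found in the shared table with a reference to its index
    if isinstance(v, dict):
        return {k: pack(x, table) for k, x in v.items()}
    if isinstance(v, list):
        return [pack(x, table) for x in v]
    return {"$ref": table.index(v)} if v in table else v

def unpack(v, table):
    # Inverse of pack(): resolve references against whatever table is supplied
    if isinstance(v, dict):
        if set(v) == {"$ref"}:
            return table[v["$ref"]]
        return {k: unpack(x, table) for k, x in v.items()}
    if isinstance(v, list):
        return [unpack(x, table) for x in v]
    return v

def demo():
    manifest = {"vendor": "example.org",  # constructed sample data
                "components": [{"uri": "https://example.org/fw.bin", "digest": "aa11"}]}
    table1 = ["https://example.org/fw.bin", "example.org"]
    body1 = pack(manifest, table1)
    sig_body = sign(body1)                             # packed body only
    sig_both = sign({"table": table1, "body": body1})  # packed body and its table
    sig_plain = sign(manifest)                         # unpacked data
    # A later processing step repacks and puts a new entry at the front of the table
    table2 = ["aa11"] + table1
    body2 = pack(manifest, table2)
    return {
        "roundtrip": unpack(body2, table2) == manifest,
        "body_only_verifies": verify(body1, sig_body),
        "body_only_same_meaning": unpack(body1, table2) == manifest,
        "table_and_body_verifies": verify({"table": table2, "body": body2}, sig_both),
        "unpacked_verifies": verify(unpack(body2, table2), sig_plain),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The body-only signature still verifies while the old body resolves to different content under the new table, the table-plus-body signature fails after repacking, and only the signature over the unpacked data survives with its meaning intact.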