Re: [Cbor] Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)

Carsten Bormann <> Wed, 25 September 2019 12:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 92F8D120274; Wed, 25 Sep 2019 05:21:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U-XBLZdqCs7E; Wed, 25 Sep 2019 05:21:29 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 217D412010E; Wed, 25 Sep 2019 05:21:29 -0700 (PDT)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 46dcc708Zdz10fT; Wed, 25 Sep 2019 14:21:26 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Carsten Bormann <>
In-Reply-To: <>
Date: Wed, 25 Sep 2019 14:21:26 +0200
Cc: Jim Schaad <>,,, The IESG <>,
X-Mao-Original-Outgoing-Id: 591106884.773729-50fcee6305e71783d708ad8e0c66fafd
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <008401d56e91$caf513f0$60df3bd0$> <>
To: Benjamin Kaduk <kaduk@MIT.EDU>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
Subject: Re: [Cbor] Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Sep 2019 12:21:32 -0000

On Sep 19, 2019, at 04:40, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> On Wed, Sep 18, 2019 at 07:27:29PM -0700, Jim Schaad wrote:
>> One response down below.
>> -----Original Message-----
>> From: Benjamin Kaduk via Datatracker <> 
>> Sent: Wednesday, September 18, 2019 4:41 PM
>> To: The IESG <>
>> Cc:; Jim Schaad <>om>;;;
>> Subject: Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)
>>> Section 5
>>> I might note that when COSE is applied to the elements of a sequence, the cryptographic protection is on a per-element basis, and thus there is no guarantee of relationship between level of protection, source authentication, time of generation, etc., across members of the sequence.
>> [JLS] I don't believe that there is any requirement that there be only a single element of a sequence inside of a COSE wrapper.  If three elements are generated at the same time then all three could be placed into a single encryption.  Thus I am not sure how to say that the protection is on a per-element basis.  
> Perhaps (presumably?) this is just a question of semantics, but from where
> I sit, the output of a COSE operation is a CBOR array (that has at least
> three elements and maybe more depending on context, but that's not really
> relevant for the point I want to make).  If I'm using COSE to protect
> (some) elements of a CBOR sequence, then what goes into the sequence is the
> CBOR array resulting from the COSE operation.  Undoing that COSE operation
> may or may not produce more than one CBOR object, but those objects are not
> elements of the CBOR sequence in question; they are contained within an
> element of the CBOR sequence in question.  So, to me, the elements of the
> sequence are necessarily a single COSE output, even if the consuming
> application may assign different semantics to them.
>> While it is true there is not necessarily a relationship between each COSE object, each COSE object does have the ability to provide that information for each element of the sequence.  You have more than what you started with, where you had none of that, and now you have it for each element.  You just need to do key validation on each decryption.  That might be a better way to say things in that a stream could have multiple sources and thus multiple keys.
> Sure, making positive statements about what can be done is preferrable to
> just making statements about what is not guaranteed (though perhaps both
> would be needed; I haven't thought about what the text would look like very
> much).

I have tried to address this in

Grüße, Carsten

> -Ben
> _______________________________________________
> CBOR mailing list