IETF Logo Mail Archive

Re: [Cbor] Deterministic CBOR as a possible DISPATCH item

Carsten Bormann <cabo@tzi.org> Sun, 05 March 2023 20:58 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59AFBC14F721 for <cbor@ietfa.amsl.com>; Sun, 5 Mar 2023 12:58:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmXUs59EbHK3 for <cbor@ietfa.amsl.com>; Sun, 5 Mar 2023 12:58:20 -0800 (PST)
Received: from smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8513CC14EB1E for <cbor@ietf.org>; Sun, 5 Mar 2023 12:58:19 -0800 (PST)
Received: from [192.168.217.124] (p548dc9a4.dip0.t-ipconnect.de [84.141.201.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4PVDZK0w1qzDCcQ; Sun, 5 Mar 2023 21:58:17 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <1DA00A88-64DF-48FD-B03E-10B520934DD2@island-resort.com>
Date: Sun, 05 Mar 2023 21:58:16 +0100
Cc: Wolf McNally <wolf@wolfmcnally.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, cbor@ietf.org, Christopher Allen <ChristopherA@lifewithalacrity.com>
X-Mao-Original-Outgoing-Id: 699742696.663193-243e551d833ff1ce103507681dc6a119
Content-Transfer-Encoding: quoted-printable
Message-Id: <3D57170C-61E4-4192-8B5F-120134ADA964@tzi.org>
References: <A9CF043D-4FA9-48D4-B953-3BE7AA40D1E0@tzi.org> <D25A0C94-ADAD-4C3D-8669-AA7FE9A6B3C4@wolfmcnally.com> <FA0E2D22-37F4-4C27-B5F5-E841D13EF0CF@tzi.org> <1DA00A88-64DF-48FD-B03E-10B520934DD2@island-resort.com>
To: Laurence Lundblade <lgl@island-resort.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/bhhO-WZWm3TVlZnWppsnSgr8mGo>
Subject: Re: [Cbor] Deterministic CBOR as a possible DISPATCH item
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Mar 2023 20:58:23 -0000

On 2023-03-05, at 21:10, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> 
>> On Mar 5, 2023, at 5:29 AM, Carsten Bormann <cabo@tzi.org> wrote:
>> 
>>> Determinism is one such good practice when it comes to creating cryptographically enhanced documents.
>> 
>> Determinism is mostly unneeded in interchanged data items.
>> (It is needed for signing inputs, which are therefore best designed to make determinism inexpensive.)
>> It still is nice to have, e.g., for test scripts.
> 
> I don’t think determinism is required for signing.

That sentence only works for a weird definition of “determinism”.  
I think you are confusing this term with “Deterministic Encoding”.
RFC 8949 uses the terms "Deterministically Encoded” or "Deterministic Encoding” for a reason.  
There is a limited area of application where that is a useful thing.  
COSE signing needs the trivial subset of this (Section 4.1), but generally not the full generality of the requirements in Section 4.2, which need more work during implementation and possibly at runtime.

> When the signed data is transmitted with the signature, then the receiver has the exact bytes that were signed and can verify the signature. For example, determinism is not needed for COSE_Sign payloads.

I’d rather say “deterministic encoding is trivial” for where it is needed COSE.
(COSE only uses arrays for building the signing inputs; these need to be deterministically encoded, which is trivial for most encoders as it is identical to preferred encoding; see Section 9 of RFC 9052, which is just a recap of the subset needed.)

> There are a few rare cases where determinism is needed for signing:
> 
> 1) The signed data data is not transmitted. It is instead constructed separately by the sender when signing and the receiver when verifying. The Sig_structure internal to COSE is an example of this.

The Sig_structure is built from the transmitted data in the following way:

   Sig_structure = [
       context : "Signature" / "Signature1" / "CounterSignature",
       body_protected : empty_or_serialized_map,
       ? sign_protected : empty_or_serialized_map,
       external_aad : bstr,
       payload : bstr
   ]

The creation of the encoded data item from this structure is (trivially) deterministic, and needs to be that.

> 2) The data is transformed in transmit. An example of this email signing like S/MIME because the old email protocols are text-based and change line endings and such. Both the sender and receiver have to be able to construct the same canonical representation because you can’t rely on the transport to not change it. I don’t think this happens when CBOR is transmitted.

That happens below the representation format layers we are concerned with here.

> So to me, CBOR determinism is technically only needed in rare circumstances.

For your definition of CBOR determinism…
See above.

> All that said, I can still see why it might be good to have something like dCBOR standardized in a way that 8949 doesn’t. Sometimes it is nice to be able to do a binary comparison of two encoded structures.

If you want to do this, you indeed need deterministic encoding.
(And, as I said, that is quite useful in test scripts.
So if you don’t need the performance of simple preferred encoding, go ahead and make everything deterministic.)

> The variability in CBOR serialization does seem to cause a lot of discussion and confusion (e.g., in work on EAT). Because of the variability, there isn’t guaranteed interoperability between CBOR implementations.

You keep saying that...

> I’d speculate that this is slowing the adoption of CBOR.

There is way less variability than, say, for JSON.

> I recall always preferring DER to BER, but that was mostly because the difference was confusing, I needed to get my code working quickly and I didn’t want to take the time to understand what it was about and what I’d need to do to support BER in my code.

DER is BER.
(Not all BER is DER, though.)

> Another thing here is that the use cases where the CBOR serialization variations are needed are rare and implementing deterministic encoding is not that hard, though sorting map keys can require some memory.
> 
> Also, I agree that we want to be strict these days — Postel was wrong.

Postel was right, it’s just that people have misunderstood and misapplied his principle.
draft-iab-protocol-maintenance-12

> P.S. I am not opposed to fixing QCBOR encoding of subnormals.

What is wrong with that encoding?
Your IEEE 754 floating point hardware is likely to already give you all you need to get this right.

> I just have been working on other things. Note also that QCBOR doesn’t use floating point for half-precision, so the fix is a bit more work.

Can’t parse this.  How can you not use floating point for half-precision floating point?
Maybe you are trying to say you didn’t implement half-precision floating point?
There is code in the RFC you can copy.

Grüße, Carsten

v2.37.1 | Report a Bug | By Email | System Status