Re: [Cbor] Deterministic CBOR as a possible DISPATCH item

Laurence Lundblade <lgl@island-resort.com> Tue, 07 March 2023 17:59 UTC

From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <CAAse2dG1p+WAVLo2EQ98=_+O7yWJixv0Hkn6RrYhTCwhPhek9A@mail.gmail.com>
Date: Tue, 07 Mar 2023 09:59:16 -0800
Cc: Carsten Bormann <cabo@tzi.org>, Wolf McNally <wolf@wolfmcnally.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, cbor@ietf.org
Message-Id: <9F331589-7DF3-4710-858D-5739033DE743@island-resort.com>
To: Christopher Allen <christophera@lifewithalacrity.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/etTv999rnoCCRO52li-PJYJ_U_U>


> On Mar 6, 2023, at 1:54 PM, Christopher Allen <christophera@lifewithalacrity.com> wrote:
> 
> On Mon, Mar 6, 2023 at 1:41 PM Laurence Lundblade <lgl@island-resort.com> wrote:
>> Maybe the misunderstanding here is cleared by this distinction?
>> 
>> 1) Signing input to the final signing algorithm (e.g. ECDSA+Hash, EdDSA,...) — the Sig_structure. It is deterministically serialized because the sender and receiver serialize it independently. It is never transmitted. This is internal to the design of COSE, is all good and well and is only of consequence to implementors of COSE internals (like me).
>> 
>> 2) The COSE_Sign payload — This doesn’t have to be serialized in any particular way, doesn’t have to be well formed and doesn’t even have to be CBOR. It is transmitted so the receiver has exactly what the sender had. This is what my temperature sensor example was about.
>> 
>> Maybe you are talking about 1) and I’m talking about 2)?
>> 
>> To go further and kind of wrap the discussion around in a weird way, it seems to be the dCBOR folks are talking about payload as in 2), BUT they have situations where the payload bytes are not transmitted like 1).
> 
> This is an interesting distinction, and I should puzzle out how we can
> be more clear.

The things that convinced me about dCBOR being necessary for the use case were:
- data at rest
- very complicated protocol
- desire to byte-compare serialized data 
- independently (separate apps, servers and clients) encoding data to be compared and signed

I’m glad you’ve brought this up there.


> I'm not as up-to-date on COSE as I should be because of the little active
> deployment of it, and because many of our community can't use it as
> they are using more modern cryptography. That being said, I've been
> talking with Mike Jones and others in the hope to ensure that Gordian
> Envelope can have some compatibility with it, or even possibly
> incorporate some of Gordian Envelope's features into a future version of
> COSE (there is some pressure on them as ISO mDL/mDOC standard supports
> a hash-list version of selective disclosure).

COSE use is of course a completely different issue and orthogonal to dCBOR. Discussion probably belongs on the COSE list.

LL
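
The distinction drawn in this message, as an added example (not code from the thread or from any COSE or dCBOR implementation): the COSE_Sign1 Sig_structure is rebuilt deterministically by each side, the transmitted payload is wrapped as opaque bytes so its own encoding is free, and data encoded independently for byte comparison only matches when map keys are ordered deterministically. The minimal encoder, the SHA-256 digest standing in for the signature algorithm's input, and all sample values are assumptions constructed for illustration.

```python
import hashlib

def head(major: int, n: int) -> bytes:
    """CBOR initial byte plus shortest-form argument (preferred serialization)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def encode(obj, sort_keys: bool = True) -> bytes:
    """Encode int, bytes, str, list, dict; sort_keys=True yields one encoding per value."""
    if isinstance(obj, int):
        return head(0, obj) if obj >= 0 else head(1, -1 - obj)
    if isinstance(obj, bytes):
        return head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return head(3, len(raw)) + raw
    if isinstance(obj, list):
        return head(4, len(obj)) + b"".join(encode(x, sort_keys) for x in obj)
    if isinstance(obj, dict):
        pairs = [(encode(k, sort_keys), encode(v, sort_keys)) for k, v in obj.items()]
        if sort_keys:
            pairs.sort()  # bytewise order of encoded keys (RFC 8949 section 4.2.1)
        return head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def sig_structure(protected: bytes, payload: bytes, external_aad: bytes = b"") -> bytes:
    """COSE_Sign1 Sig_structure (RFC 9052 section 4.4); the payload is an opaque bstr."""
    return encode(["Signature1", protected, external_aad, payload])

def tbs_digest(protected: bytes, payload: bytes) -> str:
    """Digest of the to-be-signed bytes; stands in for the signature algorithm's input."""
    return hashlib.sha256(sig_structure(protected, payload)).hexdigest()

# Constructed sample data.
PROTECTED = encode({1: -7})                # protected header {alg: ES256}
PAYLOAD_SHORT = bytes.fromhex("a10116")    # {1: 22}, preferred encoding
PAYLOAD_LONG = bytes.fromhex("a1011816")   # {1: 22}, 22 carried in a one-byte argument
READING_A = {"id": 7, "temp": 22}          # same reading built by two independent apps
READING_B = {"temp": 22, "id": 7}

if __name__ == "__main__":
    print(tbs_digest(PROTECTED, PAYLOAD_SHORT) == tbs_digest(PROTECTED, PAYLOAD_LONG))
    print(encode(READING_A) == encode(READING_B))
```

Both payload encodings verify when the receiver feeds the transmitted bytes into `sig_structure`; re-encoding the decoded payload before verification would break the signature for `PAYLOAD_LONG`.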