Re: [Cbor] Deterministic CBOR as a possible DISPATCH item

Christopher Allen <christophera@lifewithalacrity.com> Mon, 06 March 2023 21:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/kM4bGZWJufWUlOhHVlDH0AHEaQQ>

On Mon, Mar 6, 2023 at 1:41 PM Laurence Lundblade <lgl@island-resort.com> wrote:
> Maybe the misunderstanding here is cleared by this distinction?
>
> 1) Signing input to the final signing algorithm (e.g. ECDSA+Hash, EdDSA,...) — the Sig_structure. It is deterministically serialized because the sender and receiver serialize it independently. It is never transmitted. This is internal to the design of COSE, is all good and well and is only of consequence to implementors of COSE internals (like me).
>
> 2) The COSE_Sign payload — This doesn’t have to be serialized in any particular way, doesn’t have to be well formed and doesn’t even have to be CBOR. It is transmitted so the receiver has exactly what the sender had. This is what my temperature sensor example was about.
>
> Maybe you are talking about 1) and I’m talking about 2)?
>
> To go further and kind of wrap the discussion around in a weird way, it seems to be the dCBOR folks are talking about payload as in 2), BUT they have situations where the payload bytes are not transmitted like 1).

This is an interesting distinction, and I should puzzle out how we can
be more clear.

I'm not as up-to-date on COSE as I should be because of the little active
deployment of it, and because many of our community can't use it as
they are using more modern cryptography. That being said, I've been
talking with Mike Jones and others in the hope of ensuring that Gordian
Envelope can have some compatibility with it, or even possibly
incorporating some of Gordian Envelope's features into a future version of
COSE (there is some pressure on them as the ISO mDL/mDOC standard supports
a hash-list version of selective disclosure).

-- Christopher Allen
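
Added example, not part of either message and not code from any COSE implementation: the 1)/2) distinction quoted above, using the COSE_Sign1 Sig_structure layout from RFC 9052. The sample payloads are constructed, det_map is a hypothetical helper covering only text keys with text or non-negative integer values, and a SHA-256 digest stands in for the input handed to the signing algorithm (no signature is computed).

```python
import hashlib
import struct

def head(major: int, n: int) -> bytes:
    """Shortest-form CBOR head (major type + argument), as deterministic encoding requires."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16), (26, ">I", 1 << 32)):
        if n < limit:
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    return bytes([major << 5 | 27]) + struct.pack(">Q", n)

def bstr(b: bytes) -> bytes:
    return head(2, len(b)) + b

def tstr(s: str) -> bytes:
    e = s.encode("utf-8")
    return head(3, len(e)) + e

def sig_structure(protected: bytes, external_aad: bytes, payload: bytes) -> bytes:
    """Case 1): ["Signature1", body_protected, external_aad, payload], rebuilt by each side."""
    return head(4, 4) + tstr("Signature1") + bstr(protected) + bstr(external_aad) + bstr(payload)

def tbs_digest(payload: bytes) -> str:
    """Digest of the to-be-signed bytes; the payload is wrapped as an opaque byte string."""
    protected = bytes.fromhex("a10126")  # {1: -7}: alg = ES256
    return hashlib.sha256(sig_structure(protected, b"", payload)).hexdigest()

def det_map(m: dict) -> bytes:
    """Deterministic map encoding: keys sorted bytewise on their encoded form."""
    items = sorted((tstr(k), head(0, v) if isinstance(v, int) else tstr(v)) for k, v in m.items())
    return head(5, len(items)) + b"".join(k + v for k, v in items)

# Constructed payloads: the same map {"t": 21, "u": "C"} serialized in two key orders,
# plus a payload that is not CBOR at all.
PAYLOAD_TU = bytes.fromhex("a2617415617561 43".replace(" ", ""))
PAYLOAD_UT = bytes.fromhex("a2617561436174 15".replace(" ", ""))
PAYLOAD_RAW = b"21.5C"

if __name__ == "__main__":
    # Case 2): transmitted payload bytes are signed as-is, so key order changes the digest.
    print(tbs_digest(PAYLOAD_TU) == tbs_digest(PAYLOAD_UT))
    # Non-CBOR payloads work too, because only the wrapper is CBOR.
    print(tbs_digest(PAYLOAD_RAW))
    # Payload NOT transmitted: both sides must derive identical bytes from the data model.
    print(tbs_digest(det_map({"u": "C", "t": 21})) == tbs_digest(det_map({"t": 21, "u": "C"})))
```
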