Re: [Cbor] Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)

Benjamin Kaduk <> Thu, 26 September 2019 00:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A5674120825; Wed, 25 Sep 2019 17:17:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2Eh2FZdwvrQV; Wed, 25 Sep 2019 17:17:00 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A907D120832; Wed, 25 Sep 2019 17:17:00 -0700 (PDT)
Received: from ([]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.14.7/8.12.4) with ESMTP id x8Q0GoY4004733 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Sep 2019 20:16:54 -0400
Date: Wed, 25 Sep 2019 17:16:50 -0700
From: Benjamin Kaduk <>
To: Carsten Bormann <>
Cc: Jim Schaad <>,,, The IESG <>,
Message-ID: <>
References: <> <008401d56e91$caf513f0$60df3bd0$> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <>
Subject: Re: [Cbor] Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Sep 2019 00:17:08 -0000

On Wed, Sep 25, 2019 at 02:21:26PM +0200, Carsten Bormann wrote:
> On Sep 19, 2019, at 04:40, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> > 
> > On Wed, Sep 18, 2019 at 07:27:29PM -0700, Jim Schaad wrote:
> >> One response down below.
> >> 
> >> -----Original Message-----
> >> From: Benjamin Kaduk via Datatracker <> 
> >> Sent: Wednesday, September 18, 2019 4:41 PM
> >> To: The IESG <>
> >> Cc:; Jim Schaad <>om>;;;
> >> Subject: Benjamin Kaduk's Yes on draft-ietf-cbor-sequence-01: (with COMMENT)
> >> 
> >>> Section 5
> >> 
> >>> I might note that when COSE is applied to the elements of a sequence, the cryptographic protection is on a per-element basis, and thus there is no guarantee of relationship between level of protection, source authentication, time of generation, etc., across members of the sequence.
> >> 
> >> [JLS] I don't believe that there is any requirement that there be only a single element of a sequence inside of a COSE wrapper.  If three elements are generated at the same time then all three could be placed into a single encryption.  Thus I am not sure how to say that the protection is on a per-element basis.  
> > 
> > Perhaps (presumably?) this is just a question of semantics, but from where
> > I sit, the output of a COSE operation is a CBOR array (that has at least
> > three elements and maybe more depending on context, but that's not really
> > relevant for the point I want to make).  If I'm using COSE to protect
> > (some) elements of a CBOR sequence, then what goes into the sequence is the
> > CBOR array resulting from the COSE operation.  Undoing that COSE operation
> > may or may not produce more than one CBOR object, but those objects are not
> > elements of the CBOR sequence in question; they are contained within an
> > element of the CBOR sequence in question.  So, to me, the elements of the
> > sequence are necessarily a single COSE output, even if the consuming
> > application may assign different semantics to them.
> > 
> >> While it is true there is not necessarily a relationship between each COSE object, each COSE object does have the ability to provide that information for each element of the sequence.  You have more than what you started with, where you had none of that, and now you have it for each element.  You just need to do key validation on each decryption.  That might be a better way to say things in that a stream could have multiple sources and thus multiple keys.
> > 
> > Sure, making positive statements about what can be done is preferrable to
> > just making statements about what is not guaranteed (though perhaps both
> > would be needed; I haven't thought about what the text would look like very
> > much).
> I have tried to address this in

I think that works; thanks.
Just to confirm my understanding: since COSE wraps the plaintext content in
a bstr, there's no change needed to allow for the sequence to be present?