Re: [Cbor] Deterministic CBOR as a possible DISPATCH item

Laurence Lundblade <lgl@island-resort.com> Mon, 06 March 2023 21:27 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Date: Mon, 06 Mar 2023 13:26:58 -0800
Cc: Carsten Bormann <cabo@tzi.org>, Wolf McNally <wolf@wolfmcnally.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, cbor@ietf.org, Shannon.Appelcline@gmail.com
To: Christopher Allen <christophera@lifewithalacrity.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/xRkxs3b6HeNNAW_f-OrJJG9vGOI>

Hi Christopher

> On Mar 6, 2023, at 12:44 PM, Christopher Allen <christophera@lifewithalacrity.com> wrote:
> 
> On Mon, Mar 6, 2023 at 10:23 AM Laurence Lundblade
> <lgl@island-resort.com> wrote:
>> the blanket statement that “deterministic CBOR encoding is required for (all) signing (in the known world)”.
> 
> That is not the statement we desire to make.

I thought I’d seen a statement like this from Anders or another. I can’t find it now.

I queried about it because I wanted to understand the thinking behind it and to see if I was misunderstanding something. I’m not out to disagree here, mostly to understand. I have got what I asked for :-)

I was mostly thinking in terms of simple point-point protocols much different than what you are working on.

> 
> That being said, it has some truth under it — I've been struggling
> over the past 6 years with challenges in various W3C communities and
> WGs about using JWT vs. using a graph format, (the original being
> signed RDF, and the latest version being JSON-LD). It has surfaced not
> only in the Verifiable Credentials 1.0 standard (ratified in 2019 and
> modified in 2022), and the Decentralized Identifier standard (ratified
> last year). It continues to be a challenge in the discussions toward a
> VC 2.0 spec just this month.
> 
> Though the problems in the W3C attempts to compromise between these
> approaches are many, one clue to one of the sources of the larger
> problem is your statement:
> 
> On Mon, Mar 6, 2023 at 10:23 AM Laurence Lundblade
> <lgl@island-resort.com> wrote:
>> The signature scheme here could be anything that can carry a payload
> 
> Including the payload can cause a host of problems. ...

Yes, makes lots of sense.


To come full circle, quoting myself:

> On Mar 5, 2023, at 12:10 PM, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> ….
> 
> There are a few rare cases where determinism is needed for signing:
> 
> 1) The signed data is not transmitted. It is instead constructed separately by the sender when signing and the receiver when verifying. The Sig_structure internal to COSE is an example of this.

This is kind of the use case you are describing, but your use case is much more complex.


So yeah, agreed that dCBOR is required for what you are doing.

LL
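
An added example, not part of the original message or of any COSE implementation: it illustrates case 1 above, where the to-be-signed bytes are rebuilt on each side rather than transmitted. The key, header bytes, payload and function names are constructed for illustration, and HMAC-SHA256 stands in for the signature algorithm so the code runs with the standard library only.

```python
import hashlib, hmac, struct

def head(major, n, shortest=True):
    """CBOR initial byte plus argument; shortest=False always uses the 4-byte form."""
    if shortest and n < 24:
        return bytes([major << 5 | n])
    if shortest and n < 0x100:
        return bytes([major << 5 | 24, n])
    if shortest and n < 0x10000:
        return bytes([major << 5 | 25]) + struct.pack(">H", n)
    return bytes([major << 5 | 26]) + struct.pack(">I", n)

def sig_structure(protected, external_aad, payload, shortest=True):
    """COSE_Sign1 Sig_structure: ["Signature1", protected, external_aad, payload]."""
    ctx = b"Signature1"
    out = head(4, 4, shortest)                      # array of 4 items
    out += head(3, len(ctx), shortest) + ctx        # context text string
    for b in (protected, external_aad, payload):    # three byte strings
        out += head(2, len(b), shortest) + b
    return out

def sign(key, tbs):
    # Stand-in for a real signature: HMAC-SHA256 over the to-be-signed bytes.
    return hmac.new(key, tbs, hashlib.sha256).digest()

def verify(key, tbs, tag):
    return hmac.compare_digest(sign(key, tbs), tag)

KEY = b"constructed-demo-key"                 # constructed sample key
PROTECTED = bytes.fromhex("a10126")           # constructed sample header map {1: -7}
PAYLOAD = b"constructed payload"              # constructed sample payload

def demo():
    # Sender builds Sig_structure locally; only header, payload and tag travel.
    tag = sign(KEY, sig_structure(PROTECTED, b"", PAYLOAD))
    # Receiver using the same encoding rules rebuilds identical bytes.
    same_rules = verify(KEY, sig_structure(PROTECTED, b"", PAYLOAD), tag)
    # Receiver emitting well-formed but non-shortest heads rebuilds the same
    # data model as different bytes, so verification fails.
    other_rules = verify(
        KEY, sig_structure(PROTECTED, b"", PAYLOAD, shortest=False), tag)
    return same_rules, other_rules

if __name__ == "__main__":
    print(demo())
```

Both encodings decode to the same four-element array; only the byte-level serialization differs, which is why both sides must agree on one encoding when the signed bytes themselves are never sent.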