Re: [core] [Lake] 🔔 Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06

Marco Tiloca <marco.tiloca@ri.se> Tue, 14 March 2023 13:48 UTC

Return-Path: <marco.tiloca@ri.se>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92876C151524; Tue, 14 Mar 2023 06:48:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2p-yAjkDTMu; Tue, 14 Mar 2023 06:48:03 -0700 (PDT)
Received: from GVZP280CU001-vft-obe.outbound.protection.outlook.com (mail-swedencentralazon11011001.outbound.protection.outlook.com [52.101.81.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49766C14CE3F; Tue, 14 Mar 2023 06:48:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lkzZgouJlzRVLOHHzmftfR0vDQi/BNqDxmHFKISrzgGpW9ybLwXaOtWMALRr3XVjoutLghsi+ixVREZ2QZ3hkw2WKpraH4XV1Aqgv+Sdq+NDN/E+z4HCRcM8mczOEmfpvWS6TR612nMMWfUED0rIcuC+gc2agFK6zlUnlR+2b8m+Je8Vyupd5TFLNTrpKnz9n8uEwXHQxoOlZOBrlwe0OOlUUVlWozYO9iFi44fwpAA5KOACHSjw0+RnItUMqYrPbHNxSj0+I/xx4fRh8Yci+0bHnOkRrm98iR1OoCHvPDHUI44LAGsf1joGXU5LcvguZfh3uyC7Kgnq018ORTRl1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ikskkFvGUMEBRpnVYtedx1L6mYxR1xJrn5z7GvOzcQE=; b=XLYsjfV3ZsAOQXxNAgo6zUavK7CM3L+VJ5VE97iaGP+2MCOiVIRXYpvPhNaZHUOopw8M7QoqYzGB13+E+oU1HWAs6z1wb5ZN5bC8XWm9uu72uaTXJLMyskKe4GoSmrv99EBEAtH8BfN2n6Py5NfvND6hcax46VVZ9GTK4LGjQ0obBu+AoTyHKLlGhtza8wXGZ6RzjARpLEf2RIs33IzlWCybfj0hel0zctWeSZAlWBugiKOJcg/bgdWN9obR3PiqC2kr/pj7LYyUDRx1OHLEq1TYtVrdPoygqiLm6gDNi1ji6HNT5wBSnSSGkZ5sC+BUIpM8+n0X/gPpPeQTa78ABA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ikskkFvGUMEBRpnVYtedx1L6mYxR1xJrn5z7GvOzcQE=; b=ez6SH1+ZQGBmy4NWVLqTrBAsPXoRnICIWflagvPiX39od/Xd1XYvmaXv3rt7GGPqv5/8xA+fXE/OSMidIDqt99OdLW0fai4o8kKMPMUFR48nwbLuE+Iugs9BfHjSOZvNuNA2fUhhMtSrKNniU+5iCtxDsyJN3bzFbHy4guQcRDQ=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17) by GVYP280MB0093.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:31::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.26; Tue, 14 Mar 2023 13:47:58 +0000
Received: from GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::5435:d7bc:5f10:99df]) by GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM ([fe80::5435:d7bc:5f10:99df%6]) with mapi id 15.20.6178.026; Tue, 14 Mar 2023 13:47:58 +0000
Message-ID: <ebbae949-4abf-0e46-fdfd-82c3a15f3333@ri.se>
Date: Tue, 14 Mar 2023 14:47:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0
Content-Language: en-US
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, Carsten Bormann <cabo@tzi.org>, Christian Amsüss <christian@amsuess.com>
Cc: "core@ietf.org" <core@ietf.org>, "lake@ietf.org" <lake@ietf.org>
References: <F02C5E48-A196-45EC-8576-6BC67EC26AD3@tzi.org> <Y+1b4qX6Ya7BCbvk@hephaistos.amsuess.com> <7A07B432-3DD7-4517-B22D-C5C58E9910E6@tzi.org> <HE1PR0701MB3050C70FC1FE5487A9F4D8A489A99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
From: Marco Tiloca <marco.tiloca@ri.se>
In-Reply-To: <HE1PR0701MB3050C70FC1FE5487A9F4D8A489A99@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------x6XBdxfn4WsC8LMiPO5WyArO"
X-ClientProxiedBy: GV2PEPF00000100.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:1:0:c) To GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:37::17)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GVYP280MB0464:EE_|GVYP280MB0093:EE_
X-MS-Office365-Filtering-Correlation-Id: e8a3fcf4-d9fa-426e-c905-08db2492b879
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: YBGQW4h3+AEwRm0rnSCoRO5fLEl3J9PSoHsr3YF4MG5jW6OFjHADZOFqz4IkQh72E/mu47GV1E799TUuSHWYaSf0r0NqDsf9QHuZcsLP4Xvx3MJ/SjBKevAdQL6BvQacGaI5lBz2K85AtFsfxwHSn3zSZHe1OnBV4DpJE5WyHPUd2O5zQOn01gOMXWOyx4fr9Kjxaxi8MSHi85qkPnXuTBvOmpxJrRf/z3u4xoFjquHNnu5AuvFgy+Ks+/sEXqMlT1OGhnYbip7EZ0CmWsrzRu5Z4sC+gfDIw/CfjPv8krCPs2XuKyOqVmg0K41XHdOJJqzxip9A4AsthEhLcREigHGR+bxfNsBz1CvG+ERTNsFsQL2Cxgn3dDg5kShhCOXOmNiA3qN9wqZO1IVs9K/1z/ymAWqSjhXasOF+TdmrwqW7ciFoBhk+Vby2Q+dpkTv0c3riH3QPLYbDy833w/tbnesfdQxAqXGr5RG6QoA+zjRdzZ5/OfeXd6a2D82+vo8LNTbfLFlOgcR9O/XxJN5CiEYwd4YiC/kTzDtTCqkO4S16M9DeMCw6AuQg8FMDh/2zRdFB2DsdrIEmno4WS6P4A8htr096XOoWbqF8IRGYHU0KJqebkG4NrFLzJcvADyBC3N9EA3RYysD3YR15XuqypBiWl4JHJiqp1Yjvd+IMN0VEWPuuCJumrySUTQR1bV+Icv9ITdzJI3N6jak2tgcK44Hmsl0nGhPUUTh0Sq2zXXs=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230025)(4636009)(136003)(376002)(396003)(366004)(346002)(39860400002)(451199018)(38100700002)(66946007)(66556008)(66476007)(4326008)(31686004)(41300700001)(110136005)(8936002)(316002)(54906003)(83380400001)(478600001)(5660300002)(235185007)(86362001)(66574015)(45080400002)(31696002)(44832011)(30864003)(166002)(6486002)(966005)(36756003)(21480400003)(2616005)(6512007)(6506007)(53546011)(186003)(2906002)(33964004)(26005)(45980500001)(43740500002); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: dDhfpvEeHeYm3mXK2i0Uq/OjEnsMaCllXPY2MyZTHaI/gZGe5kD0xjjBItMWHCg65JLqo4/+LuQBxo0Xn1CaRph/xHU7TxotF14xhd3rSMwHpZhDicAmOByAd9uRXvNWhdxxFcG/fkIyqXDYwZZS5VT2qbnhK2BdCTeJkTtzItee642bJ2uo36eSw2fewOmVuNR43c2Chy1t/m5juBa7ObHYmLxLn5+lJZSwUmnnchIdEIAbFh61H/33mMzvlTR/s2+Xa0BjlXGw5Lm5uuJwJ177n5cjZ2ZDUcDBJWx5YsGsIu77pJCiBL5LhavZa/mL7XQe8v0Jikvu8bN7PXby3hExkIMIqj4+RVl3yKbUT+J1Ot8Muy1ya6g34SfTNHMCAiAjHiSZ7lqAuD2we39v1tWLo+D09ilD+dSkP+AiMfsi8EkuIWwwcqSCKcSnzb3rjUfn/VZ0M5O+GKoRRFLtX68VXmPFBZhP1eT1NyVJ2QGawqiXnGoniEJKmhvxZkrJR/VHbKdALhpN5o/Hy2lKtbhlggnvxD5RSrefHa69wLBHHCKy9luK2+Cej7z6ezDJCAfHUFPAZF30EtRJsjxwPVgtcf/I1yyStaV3s4CsFMV6nm+JtC2Df3ok1CLhtkxNJ7g0N/Ar4Xrh57kUXQr3DJ5A37GgZm0L+LCHG+1uMgND3jt7KDBtoq2TsEiE1gyYI6RQv1HqVOKDrH7+UddrmgeRMKu4TR0/TQEuX+bOfn/DAKI+oM6uKxWFiTYJufN9WyaJuBz/DC1+ZHDE0a8UxFN951OvTxrISWMuqPRuIz6LdCbmTMwbon7txDuZOaK2oI/FrQELoIKpL+1Ihful4JQ9HWiIXi1tUC0jRJZ9TKUv1Xwuj7nwcj9I/QByukNcvow6q7DQvhPx9hgYikYSFsXbRAmi+3v/iYyGDjzBJS7cZKgrFW96u2PICgv82cNTAGT1R3lK0ak/3LtDkTVfZLjmFp+CBouBmMhPA3lC+OsWuN4R0/FKpa/SdEyiydpH5Fq3ggRXIyCJR3egOr0wofLtHY92i2s8aENjGugar7r5qCQ3jcbJBem+dHRJ8KJrdQAmCRulwxkpCch3qw2oUBqm3dR3DtBHelPGjfvWf14Ynzf1w9YuvGO6Lhd8FdpNchNBjYDN4P2Q2MQa+Kp7JTgSqmsiKfxi211Ug+zEUVOmv2GblyRFA7eq3OZp407qZtOGMlHPmW0fUkn5eyPpNRA6hLZxOKl33yzO5tIpLmB5fqvMiMolk73tKgsJw6JySYQ3NGwFc4smbvGbrjIOVT2KGyJy2U5MX4AZBjnNlVmxaULvB4t5Z6mD6dKYXGKGNF6UCosK6FtAMfUyivjz5qtVC0KLGhcRGR2RzM0ZG6WQXcXKrYyqGcjDbrLAQOEvba2fICPFGW5x4GWCi/NtBdwi/JJkdbcSPAMyM1rdDJhqEMKbr7cD3FyFpp2oSgRE8o6SttduD4yPUCV0xRwnyavskEJRx4pDdKQNlfbcYBmHd3Lq5ZAmfG0cF0+T/wbAwHAL165VuIZIDG8wJ/Mv7TOigrkPR0U3c+gpNNkZqAUAtfMKeAQIWtLNIT2ryNTJ
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: e8a3fcf4-d9fa-426e-c905-08db2492b879
X-MS-Exchange-CrossTenant-AuthSource: GVYP280MB0464.SWEP280.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Mar 2023 13:47:58.3121 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: UF9M1xfXc6lfwpvznNvRbMQrUflt2s6c9CjxzRDVbcEcSOYJiVLqjean6s7e5zXbT4ZqRokae1fJP95yKeEgrw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVYP280MB0093
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/-ghAoC6mwmyaGT4CJT4BYL2Zs6M>
Subject: Re: [core] [Lake] 🔔 Working Group Last Call (WGLC) of draft-ietf-core-oscore-edhoc-06
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2023 13:48:09 -0000

Hi John,

Thanks a lot for your review! We have addressed your comments in the new 
version -07.

Please find detailed answers in line.

Best,
/Marco

On 2023-02-25 18:21, John Mattsson wrote:
>
> Hi,
>
> I have reviewed draft-ietf-core-oscore-edhoc-06. I think it is ready 
> with issues.
>
> - "Profiling EDHOC for CoAP and OSCORE"
>
>   Not sure this is a suitable name. It does not really profile EDHOC.
>

==>MT
We have changed the document title to "Using EDHOC with CoAP and OSCORE".
<==

> - OLD "first subsequent OSCORE transaction" (several occurences)
>
> - NEW "first OSCORE transaction"
>
>   it is not subsequent anymore
>

==>MT
Fixed (4 occurrences).
<==

> - "CoAP [RFC7252], CBOR [RFC8949], CBOR sequences [RFC8742], OSCORE
>
> [RFC8613] and EDHOC [I-D.ietf-lake-edhoc]."
>
>   IETF uses the Oxford comma. (Probably several occurences).
>

==>MT
Fixed and revised the whole document.
<==

> - "may be set to application/cid-edhoc+cbor-seq." (several occurences)
>
>   Any reason this is not a normative MAY, also what is the reason for 
> not have SHOULD or SHALL?I don’t have a strong opinion.
>

==>MT
This is an "Overview" section, so we are avoiding normative language 
altogether and we don't want to restate (or suggest deviations from) 
what draft-ietf-lake-edhoc says. We especially avoid using SHOULD/SHALL 
since, in its section 3.1, draft-ietf-lake-edhoc simply says:

   "Media types that may be used for EDHOC are defined in Section 9.8."

We have anyway rephrased the three occurrences in this Section 2 to say 
"can be set to".
<==

> - OLD "not transported precisely in the request payload."
>
> - NEW "not transported in the request payload."
>
> But probably better to just say "as specified in Section 3.2, C_R is 
> transported in the OSCORE Option."
>

==>MT
Yes, it's even better to merge the two suggestions. We rephrased to say:

"as specified in Section 3.2, C_R is transported in the OSCORE Option 
rather than in the request payload"
<==

> - "using the new OSCORE Security Context established after receiving 
> EDHOC message_2."
>
> I think this should be "after creating EDHOC message_3"The context 
> depends on message_3.
>

==>MT
Yes; before generating and installing the OSCORE Security Context, you 
actually need to have successfully created EDHOC message_3, especially 
instead of an EDHOC error message.

We rephrased the whole step 2 in the client processing as follows:

OLD:
Encrypt the original CoAP request as per Section 8.1 of [RFC8613], using 
the new OSCORE Security Context established after receiving EDHOC message_2.

NEW:
Establish the new OSCORE Security Context and use it to encrypt the 
original CoAP request as per Section 8.1 of [RFC8613].

(which happens strictly after the previous step 1, where EDHOC message_3 
is composed)
<==

> - "Check that the EDHOC + OSCORE request includes the OSCORE option
>
>    and that the request payload is a CBOR sequence composed of two
>
>    CBOR byte strings."
>
> Should check for the EDHOC option as well
>

==>MT
Sure, however, that happens upfront. That is, the sequence of steps 
already refers to a message including the EDHOC option. Before the 
sequence of steps starts, the text says:

     "In order to process a request containing the EDHOC option, i.e., 
an EDHOC + OSCORE request, the server MUST perform the following steps."

So, no action taken.
<==

> - The document is not clear on if you can send back an EDHOC error 
> over OSCORE or not. Itshould be.
>

==>MT
This point underwent several good discussions. There was consensus on 
not encrypting the EDHOC error message. Consistently, we have updated 
the second from last paragraph in Section 3.3 "Server processing", which 
now reads as follows (new text between [NEW-START] and [NEW-END]):

"If step 4 (EDHOC processing) fails, the server discontinues the 
protocol as per Section 5.4.3 of [I-D.ietf-lake-edhoc] and responds with 
an EDHOC error message with error code 1, formatted as defined in 
Section 6.2 of [I-D.ietf-lake-edhoc]. [NEW-START]The server MUST NOT 
establish a new OSCORE Security Context from the present EDHOC session 
with the client, hence the CoAP response conveying the EDHOC error 
message is not protected with OSCORE. Furthermore,[NEW-END] the CoAP 
response conveying the EDHOC error message MUST have Content-Format set 
to application/edhoc+cbor-seq defined in Section 9.9 of 
[I-D.ietf-lake-edhoc]."
<==

> - As discussed in LAKE you can get 128-bit authenticatation security 
> by combinging two 64 bit tags. Has this been discussedin CORE?Ifthe 
> mechanism gives this propertyfor either peeris should be mentioned.
>

==>MT
We have added one more paragraph in Section 7 "Security Considerations", 
see current third paragraph and its inner bullet list.
<==

> - Is is clear what happens if the EDHOC + OSCORE Request is retransmitted?
>

==>MT
We think so, and we are not saying anything more than what is already 
defined in Section 5.1 of draft-ietf-lake-edhoc, i.e.:

     "Different instances of the same message MUST NOT be processed in 
one session. Note that processing will fail if the same message appears 
a second time for EDHOC processing in the same session because the state 
of the protocol has moved on and now expects something else."

Consistently, a retransmission of the EDHOC + OSCORE Request results in 
a failure at the server when performing step 4 of Section 3.3, in case 
the server has already successfully completed that EDHOC session. Later 
on in the same section, we inherit the error handling defined in the 
draft-ietf-lake-edhoc, including for this particular case.

This was also discussed at the 2023-03-01 CoRE interim meeting, where it 
was confirmed to defer this to the error handling already defined in EDHOC.

So, no action taken here.
<==

> - "where the ID Context has zero-length."
>
> This seems wrong. There is nothing special with the zero-length ID 
> Context.
>
> This should be "where the ID Context is not present"
>

==>MT
You're right, good catch!

Building on the overall new formulation from Christian's review, we have 
revised the content of Sections 4.1.1 and 4.1.2 to consider a non 
present ID Context, as you say.
<==

> - 'ead1', 'ead2', 'ead3' and 'ead4'
>
>   This makes no sense to me. Either you support EAD or not. Also 
> knowing that theother party support EAD is useless. You need to know 
> what kind of EAD. I stongly think thisshould use values from the EDHOC 
> External Authorization Data Registry.
>

==>MT
What you say was exactly our original intention; the text was not clear 
enough.

Following our more recent discussion on this point, we have further 
simplified this part in Section 6, by introducing only one target 
attribute ed-ead. Its value is the ead_label of an EAD item that the 
server supports, and it is indeed taken from the "EDHOC External 
Authorization Data" registry.

Thanks a lot again!
<==

> Cheers,
>
> John
>
> *From: *core <core-bounces@ietf.org> on behalf of Carsten Bormann 
> <cabo@tzi.org>
> *Date: *Wednesday, 15 February 2023 at 23:39
> *To: *Christian Amsüss <christian@amsuess.com>
> *Cc: *core@ietf.org <core@ietf.org>, lake@ietf.org <lake@ietf.org>
> *Subject: *Re: [core] [Lake] 🔔Working Group Last Call (WGLC) of 
> draft-ietf-core-oscore-edhoc-06
>
> On 15. Feb 2023, at 23:25, Christian Amsüss <christian@amsuess.com> wrote:
> >
> > * 3.2 step 3: "The first CBOR byte string is the EDHOC message_3
>
> Ah.
>
> We are using the term “byte string” to describe the generic data model 
> data item with that name (using major type 2 and enclosing a sequence 
> of bytes into a single data item).
>
> We are using the term “encoded CBOR data item” to describe the 
> sequence of bytes that results from encoding a CBOR data item (any 
> CBOR data item of course, not just a byte string).
>
> So where the byte string is h’010203’, the encoded CBOR data item 
> encoding that data item is 43010203 hex.
> The latter, of course, can be carried in another byte string 
> h’43010203’, which would then be encoded as 4443010203 hex.
> So it is really important not to confuse “CBOR byte string” with 
> “encoded CBOR data item”.
>
> (Of course, this distinction applies to any representation format that 
> can carry its own encodings, as in the JSON text
>
>     “{\”a\”: 1, \”b\”: 2}”
>
> which is obviously not the same as the JSON text
>
>     {“a”: 1, “b”: 2}
>
> In JSON this kind of embedding is rather expensive and thus done less 
> often, while in CBOR embedding encoded data items in byte strings is a 
> rather natural way to carry certain kinds of information.)
>
> Grüße, Carsten
>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core 
> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcore&data=05%7C01%7Cmarco.tiloca%40ri.se%7C7f8bd53e47604b1b8f4808db1754de00%7C5a9809cf0bcb413a838a09ecc40cc9e8%7C0%7C0%7C638129425509247911%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=x9s3MfKi%2FGKGqQQ176SNUEKNUQzg3SSCS77efBbsgcI%3D&reserved=0>
>
>
> _______________________________________________
> core mailing list
> core@ietf.org
> https://www.ietf.org/mailman/listinfo/core

-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se