[core] empty KID values

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 04 July 2022 17:29 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima@ietf.org, cose@ietf.org
cc: core@ietf.org
Date: Mon, 04 Jul 2022 13:29:09 -0400
Message-ID: <959.1656955749@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/2o4SdTnAOtuETOnfQCDrFObqh44>
Subject: [core] empty KID values

RFC9254-to-be/yang-cbor says:
   Data nodes implemented using a CBOR array, map, byte string, or text
   string can be instantiated but empty. In this case, they are encoded with
   a length of zero.

When encoding/dealing with the COSE Sign0 in
draft-ietf-anima-constrained-voucher, we have some puzzling about what to do
with:

        kid: null
or:     kid: ""
or:     kid: h''

so, two remarks.  First, the kid: field is in the Sign0 structure, not
actually in the YANG-CBOR, so arguably the above comment does *NOT* apply!

My puzzling is about kid.  Should I treat a null/empty kid as if there were
no kid field at all, and then use some other heuristic to find the right
verification key, or should I treat it as an entry null, which must match
a null/""/h'' entry in a database for the key.
Normally, it might be a hash of a public key, so seeing h'xx..xx' would be
reasonable.

I'm curious what COSE people say.
KID is annoyingly use case specific :-(

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
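The four cases the message asks about (kid absent, kid null, kid "", kid h'') are distinguishable on the wire, and a verifier has to pick a policy for the last three before it can look anything up. The following is an added example, not code from the thread or from the constrained-voucher draft: it decodes a COSE_Sign1 with a minimal hand-written CBOR subset, merges the protected and unprotected header buckets (a zero-length protected bstr being the empty map, per RFC 9052), classifies the kid, and then selects a verification key under either of the two interpretations the message weighs. The sample messages, the keystore contents and the `default_key` fallback are constructed for illustration, and the signatures are placeholders, not real ES256 signatures. Note that COSE defines the kid value type as bstr, so a tstr "" is a type error independent of which policy is chosen.

```python
from collections import namedtuple

Tagged = namedtuple("Tagged", "tag value")

COSE_SIGN1_TAG = 18  # RFC 9052 tag for COSE_Sign1
HDR_ALG = 1          # RFC 9052 common header labels
HDR_KID = 4


def _decode(buf, pos):
    """Decode one CBOR item at buf[pos] -> (item, next_pos).
    Minimal subset: definite-length ints, bstr, tstr, array, map, tag, null/bool."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    ib, pos = buf[pos], pos + 1
    major, info = ib >> 5, ib & 0x1F
    if info < 24:
        arg = info
    elif info in (24, 25, 26):
        n = 1 << (info - 24)
        if pos + n > len(buf):
            raise ValueError("truncated CBOR argument")
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        raise ValueError("unsupported additional info %d" % info)
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:
        items = []
        for _ in range(arg):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:
        m = {}
        for _ in range(arg):
            k, pos = _decode(buf, pos)
            v, pos = _decode(buf, pos)
            if k in m:
                raise ValueError("duplicate map key %r" % (k,))
            m[k] = v
        return m, pos
    if major == 6:
        inner, pos = _decode(buf, pos)
        return Tagged(arg, inner), pos
    if major == 7 and info in (20, 21, 22):
        return {20: False, 21: True, 22: None}[info], pos
    raise ValueError("unsupported major %d / info %d" % (major, info))


def decode(buf):
    item, pos = _decode(bytes(buf), 0)
    if pos != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return item


def sign1_headers(msg):
    """Return the merged header map of a COSE_Sign1 (tag 18 optional)."""
    item = decode(msg)
    if isinstance(item, Tagged):
        if item.tag != COSE_SIGN1_TAG:
            raise ValueError("unexpected tag %d" % item.tag)
        item = item.value
    if not (isinstance(item, list) and len(item) == 4):
        raise ValueError("not a COSE_Sign1 array")
    protected_bstr, unprotected, _payload, _sig = item
    if not isinstance(protected_bstr, bytes) or not isinstance(unprotected, dict):
        raise ValueError("malformed header buckets")
    protected = decode(protected_bstr) if protected_bstr else {}  # h'' == empty map
    if not isinstance(protected, dict):
        raise ValueError("protected header is not a map")
    if set(protected) & set(unprotected):
        raise ValueError("label present in both header buckets")
    merged = dict(unprotected)
    merged.update(protected)
    return merged


def kid_form(headers):
    """absent | null | empty-bytes | bytes | empty-text | text | other"""
    if HDR_KID not in headers:
        return "absent"
    v = headers[HDR_KID]
    if v is None:
        return "null"
    if isinstance(v, bytes):
        return "empty-bytes" if v == b"" else "bytes"
    if isinstance(v, str):
        return "empty-text" if v == "" else "text"
    return "other"


def select_key(msg, keystore, default_key=None, empty_means_absent=True):
    """keystore: kid bytes -> key.  default_key: the one pinned key for a use
    case with no kid (assumed policy).  empty_means_absent=True folds
    null / h'' / "" into 'no kid'; False looks up h'' literally as b"" and
    rejects null and "" (kid is a bstr in COSE)."""
    headers = sign1_headers(msg)
    form = kid_form(headers)
    if form == "bytes":
        return keystore.get(headers[HDR_KID])
    if form == "absent" or (empty_means_absent and form in ("null", "empty-bytes", "empty-text")):
        return default_key
    if form == "empty-bytes":
        return keystore.get(b"")
    raise ValueError("unusable kid form: %s" % form)


# Constructed samples (not real vouchers): tag 18, protected {alg: ES256},
# payload h'6869', 4-byte placeholder signature.
_PRE = bytes.fromhex("d2 84 43 a1 01 26")
_POST = bytes.fromhex("42 68 69 44 de ad be ef")
SAMPLES = {
    "absent":      _PRE + bytes.fromhex("a0") + _POST,
    "null":        _PRE + bytes.fromhex("a1 04 f6") + _POST,
    "empty-text":  _PRE + bytes.fromhex("a1 04 60") + _POST,
    "empty-bytes": _PRE + bytes.fromhex("a1 04 40") + _POST,
    "bytes":       _PRE + bytes.fromhex("a1 04 42 01 02") + _POST,
}
# kid in the protected bucket: protected = {alg: ES256, kid: h'0102'}
SAMPLE_PROTECTED_KID = bytes.fromhex("d2 84 47 a2 01 26 04 42 01 02 a0") + _POST
# kid in both buckets: must be rejected
SAMPLE_CONFLICT = bytes.fromhex("d2 84 47 a2 01 26 04 42 01 02 a1 04 40") + _POST

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, "->", kid_form(sign1_headers(msg)))
```

Whichever policy is chosen, it should be chosen once and documented for the use case, since a verifier that silently maps h'' to "any key" and another that looks it up literally will disagree on the same voucher.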