Re: [core] [Ace] draft-raza-ace-cbor-certificates-04.txt
Joel Höglund <joel.hoglund@gmail.com> Fri, 24 April 2020 11:37 UTC
Return-Path: <joel.hoglund@gmail.com>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C86123A0952 for <core@ietfa.amsl.com>; Fri, 24 Apr 2020 04:37:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEMG88xk6YCe for <core@ietfa.amsl.com>; Fri, 24 Apr 2020 04:37:33 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78C003A0947 for <core@ietf.org>; Fri, 24 Apr 2020 04:37:33 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id j20so6955626edj.0 for <core@ietf.org>; Fri, 24 Apr 2020 04:37:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=6rRxbWSlaHeZFjuFH3NKBoPXfWSuEngJTgsfLUwcuJk=; b=L0ETnVFpThzLUQKUjudvncaTh1Ja6Wgm09OJL5oF+cwi7Ur1lb86nHbE65gwnWU9U4 MhkX/e83spdw8YPiyhRtee+eMy2n0WM+ciYRwLQXJnYuQTLFzMXnpEA7OJdHGuxeYSug MZ9uLbFHGX3/Co3AnIL3ydiOYaW9mrhAuR/Id/+6qoa/C/blbPb1mJ9RgqmxJ5V7POkD deNomBkk5O/6sW/EVtjPAOQeApULVPoh6vg9/BD4pSug+N4TcRRXNEveY+P1Nhf7+ZsE 26r3gWjMPkIgvpf8PxXre20++GQPeaXcYy+47MLe4TH6cj6W5EoHmo7xd8rmG6IM/TTN Zpcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=6rRxbWSlaHeZFjuFH3NKBoPXfWSuEngJTgsfLUwcuJk=; b=lnCqZC9AfGalz/Der4VvVYc+5PVUNtwysZNcNwGvhrMKEWD8xocg1sKDnUTh3Xs3yz fZNieVF/7NaLgMIlK3YAeYC9SWA84ffMupyBlHFdRth/s67sALkUYXEx/VqrStjtE3je +4l1AA1bHWCN27AQnA2cEg+Ukn9pgGF7MgJFIazorrYPMl004GwaZ8kUEF8Rt74MTk5W lhmDxqs4VHLVxXeoR/cm1l8UYH1nC6SKF+KB94TtxfIPkkuodW06b8qol2P6CB+NAWpR aUcPxFNgIJH9aer32exAUCuN13UboVelr7p+rKv515wyMIJOWx+fyCt3jbklDok3g5ic sO9g==
X-Gm-Message-State: AGi0PuYbJct0+06fja4RAoDNs1gJY7W1A06VH86ZVpfq5KKBM+grhJIy LY/T9ixeQbagv7S+YQK7cliOQE9sIUjwcOOKVWkBX3oRCHk=
X-Google-Smtp-Source: APiQypI8SRviVHzTJhRLUpSN6oeTBZY3WRpnoeGtmtH9Ttd6zcJYm3sHDQBb3VcR7Q8uetqmlJV8jaezV6BItxhqBAE=
X-Received: by 2002:a05:6402:3136:: with SMTP id dd22mr6613584edb.165.1587728251544; Fri, 24 Apr 2020 04:37:31 -0700 (PDT)
MIME-Version: 1.0
From: Joel Höglund <joel.hoglund@gmail.com>
Date: Fri, 24 Apr 2020 13:37:20 +0200
Message-ID: <CAHszGE+s0gBKNmDky4NZLP3SO-BqosQ2FvA7HeZprv3jWFFL7g@mail.gmail.com>
To: core@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006eeeaf05a407caab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/S8YgAUb66d734R-WlmEu-I0kMAs>
Subject: Re: [core] [Ace] draft-raza-ace-cbor-certificates-04.txt
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 11:37:36 -0000
Hi! First a meta comment: I’m now answering to both the ACE and the CORE mailing list. If the working group chairs have recommendations on where to keep the continued discussion I’m eager to hear. Thank you for your review! Some answers to the questions are inline below. > When you sign CBOR, usually it is wrapped in a bstr. This is important > to be able to use typical CBOR encoders/decoders. This doesn’t seem > to be the case here, at least I don’t see it in the text near the end of > section 3. Since this bstr wrapping has become the expected norm we agree this is a good suggestion for an improvement with low overhead, which we will add for the next version. > Was any consideration given to using the COSE algorithm registry rather > than defining a new one? Yes, it is still work in progress to determine if the COSE algorithm registry can accommodate the algorithms deemed useful for inclusion. > But of most interest to me is whether the COSE was considered as the > signing format for native CBOR certs. If COSE is used, then this looks > almost identical to CWT and may be a native CBOR cert is a variant of > a CWT? … … Our starting point has been to stay close to the original X.509 format while minimizing size. A COSE encoding would re-add some format overhead (close to 10% for the provided example certificate). But if a COSE encoding would help making the format accepted and used, it can definitely be further discussed. Once again, thank you for your comments! and Best Regards Joel Höglund *Från:* Ace <ace-bounces@ietf.org> för Laurence Lundblade < lgl@island-resort.com> *Skickat:* den 22 april 2020 17:23 *Till:* Ace Wg <ace@ietf.org> *Ämne:* [Ace] draft-raza-ace-cbor-certificates-04.txt I have a few comments / questions about draft-raza-ace-cbor-certificates-04.txt section 6 on native CBOR certs When you sign CBOR, usually it is wrapped in a bstr. This is important to be able to use typical CBOR encoders/decoders. This doesn’t seem to be the case here, at least I don’t see it in the text near the end of section 3.. Was any consideration given to using the COSE algorithm registry rather than defining a new one? But of most interest to me is whether the COSE was considered as the signing format for native CBOR certs. If COSE is used, then this looks almost identical to CWT and may be a native CBOR cert is a variant of a CWT? One advantage of this would be reuse of some of the CWT (and EAT) code. Some of the fields in the CBOR cert might overlap with CWT claims. That might be a good thing. LL _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
- Re: [core] [Ace] draft-raza-ace-cbor-certificates… Joel Höglund