Re: [COSE] Structure of CBOR certificates
Joel Höglund <joel.hoglund@gmail.com> Mon, 27 July 2020 16:24 UTC
Return-Path: <joel.hoglund@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 820873A1B25; Mon, 27 Jul 2020 09:24:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iUhuWNzGYXg8; Mon, 27 Jul 2020 09:24:52 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA9F03A1B39; Mon, 27 Jul 2020 09:24:37 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id a14so15522998wra.5; Mon, 27 Jul 2020 09:24:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qelDdkHxD2MNryuUirLIMvENB98jiG21CK3vtO1UckI=; b=VzLCdZBgYDduKdMRG+cRnFf9v4PajAR4lSFb5Ci3FxGAR0xJ8kf/pDWGA1Z2K1dPPN YPmEpzs7zxqNbVW2YimWISods88q/hnvPDlHhlKFJAOzeJ5b/uXhB6NsgzROVPKQJaeL 4EmdgjdckQsENao7QAmF5c78LS7Ukny5sJTlkdnKL+Yke2Pf6CuzPcgIFC1eRrjLN1ea L3tGvTyyfPA3Bg5Q5wNCq9u8tFiTEJFn1PTsydKGkdsQ/VkIMqBsBZU/ze7RlSMIRzhJ kys1dg39oo9lgljUVSHX5WZiSYaP2qJqt2rdXwNsHWsP8CVFpFkov9emdiOBWKBzACeq u9DQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qelDdkHxD2MNryuUirLIMvENB98jiG21CK3vtO1UckI=; b=j/5d0yjNAbJKVRR3bpiFOHMpGca+7rrMKEBriyfvLDt/wmRIkmawYEH0Wjh4nsSDvi cYcH3TG1J9FBTic+/yQvjd2z5VwvyrAjl/TgnVqSiRnx6wGSW7pdZgyNRNZbWY1TpCfI yvahX27W3GhkSZ6EKEuTESx4HsMgQfpxZqi3p1Pf8xTud2aF2OPrLqXPt0KBcsLBlfJA +I1b1PR15ZqjRAV7gTI2NtqFg6WxTVEAfTfn4riqugiSOCDvpaOayIl6NDNgWcze34Po VH2OIGj3+c5IHQLghOBVsIdTXzUeNTBNuoHiKSGzA2lqCQlA/+efN33i6dsttVVZcZyz wHvA==
X-Gm-Message-State: AOAM531pfjsHTY0ymhgQdtUlVQKqpgm/nLBuvn2ZqaLdnvoj1Jnq1MZW gqt5910dq1kJJiX9g68s4VfstQ8YgHSc5g38l5fTUv8Hc8w=
X-Google-Smtp-Source: ABdhPJxvj0JqLSphQC9EpJBgwu+FyZXvu0Y2QN0ZX/qx5/Kb47mAleGE4lrO15vyO9x7gvGFY1yPfOZPYUK0bdyfW3Y=
X-Received: by 2002:adf:dfc7:: with SMTP id q7mr21005381wrn.80.1595867076199; Mon, 27 Jul 2020 09:24:36 -0700 (PDT)
MIME-Version: 1.0
References: <4fbee615-6d6f-700f-2439-237add7fbcf2@sit.fraunhofer.de> <CAHszGE+A=e9tdBZpa51wMasxm1AhA_xRbAUCmR55xXSJgtF7Lg@mail.gmail.com> <20200710125843.GA224527@LK-Perkele-VII> <CAHszGELkqDzL8n1FWOmLiTQh1jxS7EZKNZCqX89PEFoisHXPmg@mail.gmail.com> <702.1595377246@localhost> <CAHszGEKzcnCsNgZNpthAoJbK3JjSGYRDjsvN_2=QNqVP-F-hfg@mail.gmail.com> <75486A7D-E06F-49F8-A851-6A051816EBA7@tzi.org>
In-Reply-To: <75486A7D-E06F-49F8-A851-6A051816EBA7@tzi.org>
From: Joel Höglund <joel.hoglund@gmail.com>
Date: Mon, 27 Jul 2020 18:24:25 +0200
Message-ID: <CAHszGELSMnUnooaBUrxWDL9EoNRcOikKsz3s6H82u4CD-8FRig@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, draft-raza-ace-cbor-certificates@ietf.org, Ilari Liusvaara <ilariliusvaara@welho.com>, cose@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002f880f05ab6ec286"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/07wRdUTm_erlWCWpHQYZpEbjOMY>
Subject: Re: [COSE] Structure of CBOR certificates
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 16:24:55 -0000
Hi! A reply and a comment below: On Wed, 22 Jul 2020 at 13:12, Carsten Bormann <cabo@tzi.org> wrote: > Hi Joel, > > > Michael, to quickly reply to your explicit question: the new draft was > posted before the IETF 108 deadline on 2020-07-13, which is also before the > expiry dates of the three different drafts that are now combined. ( > https://datatracker.ietf.org/doc/draft-mattsson-cose-cbor-cert-compress/ ) > > That draft says in > https://datatracker.ietf.org/doc/draft-mattsson-cose-cbor-cert-compress/ > that it Replaces draft-raza-ace-cbor-certificates, > draft-mattsson-tls-cbor-cert-compress > > What is the third draft? > The current draft, draft-mattsson-cose-cbor-cert-compress-01 is the result of updating and combining: draft-raza-ace-cbor-certificates-04, draft-mattsson-tls-cbor-cert-compress-00 and draft-mattsson-cose-cbor-cert-compress-00. > > > Another observation is that while our starting point has been to encode > rfc7925 compliant certificates, we hope to make the proposal more future > proof by allowing new algorithms also deemed suitable for constrained > environments. With that target, we think it is possible to exclude RSA on > the list of supported algorithms. > > Supported for what… > > The chain may still have RSA certificates in it. > > Grüße, Carsten > Supported for being possible to parse and validate by an IoT device: if a chain has RSA certificates in it, the end device would need to implement RSA algorithms too. Which is what we have considered out of scope. From rfc7925, the following explicit constraint is stated: There are various cryptographic algorithms available to sign digital certificates; those algorithms include RSA, the Digital Signature Algorithm (DSA), and ECDSA. ... [C]ertificates are signed using ECDSA in this profile. This is not only true for the end-entity certificates but also for all other certificates in the chain, including CA certificates.This profiling reduces the amount of flash memory needed on an IoT device to store the code of several algorithm implementations due to the smaller number of options." Best Regards Joel Höglund <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
- [COSE] Structure of CBOR certificates Henk Birkholz
- Re: [COSE] Structure of CBOR certificates Joel Höglund
- Re: [COSE] Structure of CBOR certificates Göran Selander
- Re: [COSE] Structure of CBOR certificates Ilari Liusvaara
- Re: [COSE] Structure of CBOR certificates Joel Höglund
- Re: [COSE] Structure of CBOR certificates Ilari Liusvaara
- Re: [COSE] Structure of CBOR certificates Russ Housley
- Re: [COSE] Structure of CBOR certificates Michael Richardson
- Re: [COSE] Structure of CBOR certificates Michael Richardson
- Re: [COSE] Structure of CBOR certificates Joel Höglund
- Re: [COSE] Structure of CBOR certificates Carsten Bormann
- Re: [COSE] Structure of CBOR certificates Michael Richardson
- Re: [COSE] Structure of CBOR certificates Russ Housley
- Re: [COSE] Structure of CBOR certificates Henk Birkholz
- Re: [COSE] Structure of CBOR certificates Michael Richardson
- Re: [COSE] Structure of CBOR certificates Ilari Liusvaara
- Re: [COSE] Structure of CBOR certificates Joel Höglund
- Re: [COSE] Structure of CBOR certificates Joel Höglund
- Re: [COSE] Structure of CBOR certificates Russ Housley