Re: [COSE] Key identifier of type bstr / int
Orie Steele <orie@transmute.industries> Mon, 21 March 2022 18:04 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA6FF3A1245 for <cose@ietfa.amsl.com>; Mon, 21 Mar 2022 11:04:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cEYHXrbNVAQv for <cose@ietfa.amsl.com>; Mon, 21 Mar 2022 11:04:37 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37E9C3A1211 for <cose@ietf.org>; Mon, 21 Mar 2022 11:04:37 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id w27so25912208lfa.5 for <cose@ietf.org>; Mon, 21 Mar 2022 11:04:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Kel7psWSughe3FkztcjGMdT7wdepbZVjuG/orXcUI74=; b=LVCZ+vtP6PtLrG+HvVK1Ni2safecA2DjqSTQV0hv7KCKLjAHYXipnUHSDRz80zpEbC QPBPSXwWQMBxvhiUhpRbCGcWTtsc9qpk01s8dNkgxSDCt1fNMuQQZCFrHJjwwxbNdANP zipDJhrhDRekrprcX3ysp/hIIc34cS1Y+WKP+B3oF+o8pWXmoglXi7w1w4yBnZ0h6vZR N7p/Iy+njfBLdkkOoKScKDYs2UtuwaPFmiUZd2V0eE4nyLdftPSgaUTimEpZXcy2BUZ3 H2Kmih/u9JynhDeWFp7uQJOrMp0LTJepevvdj+vSQ1vTr2kl5+7K5Le39FGYFF6fBpqq 59Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Kel7psWSughe3FkztcjGMdT7wdepbZVjuG/orXcUI74=; b=d2lUFYnKjWDHds+Y5ZxoGtr+CBmy4O583f+QawGVpVl4BQrrayIiGKCLNmxs27H9EJ voKmEK0mPmRcfYfYkZweYw6ZjF0PjMcuUI5YZoCjsK4jXtmX/kT0+BxkjzKr+MLcfQSo 3ufG+2LDsrNXrU8an0KNOvWN3dbwT0w/1CWqUvGc8404sUEa5ooCjgTirdzepGfXe6kW ilf8y8MUsL46MFkhNl0YYwyk9LQQXVHx/2Q97hjWrHqEVGOdQyJkhJyCNrjFLhvV69Cg i5krfqaii7T2CQPlUe8uZ2NgjiCPsZt0oWENXjsm74Wbc044w61YEFWUqM98HGtwqf4F Q7zA==
X-Gm-Message-State: AOAM533JXiAusgnjB7cDObj9nV75gG4vrALEpYx44/QTW4asmPrLUYbv MyI32xwoORJjuJAg1pLAYIchEqZ+hiUu9HnfmukrXHAtNJ4=
X-Google-Smtp-Source: ABdhPJzrbaswIYqT+yExdzSMRM0W0YVBm7Mygybkkb6ynsadD/NMJnh3nP/os9M8i1Bzxn0EQ5VLLxIyKlt/wTZiDsE=
X-Received: by 2002:a19:5f12:0:b0:44a:3274:9b96 with SMTP id t18-20020a195f12000000b0044a32749b96mr2421255lfb.251.1647885874832; Mon, 21 Mar 2022 11:04:34 -0700 (PDT)
MIME-Version: 1.0
References: <95B75634-B147-4756-A950-C6B139CF3ADD@ericsson.com> <9DF382AC-12A8-47A5-AAE7-2B0D75EAA669@island-resort.com> <EDFDB6E4-2BDE-4E2E-9CF0-D771E2DEF3C6@ericsson.com> <823C00C2-4F6C-4DF5-99B0-87D8524D4A9C@island-resort.com> <C059B669-4C5D-4980-A665-96A39F4457C3@island-resort.com> <AM4PR0701MB21958541C07CEA44DB1B1578F4169@AM4PR0701MB2195.eurprd07.prod.outlook.com> <CAN8C-_+3sWckZKo7KS2fsPU4pBHo+NNGgQpxg7p8LytFX01eEw@mail.gmail.com> <AM4PR0701MB2195D76D8CFCC873C1D05A04F4169@AM4PR0701MB2195.eurprd07.prod.outlook.com> <CAN8C-_K4EfFSar9H_QR+cV_pz+xhXtWA=pKK+rFv241E5DQofQ@mail.gmail.com> <DC1C335A-629D-4E4F-97BD-B4CA3519EDC6@island-resort.com>
In-Reply-To: <DC1C335A-629D-4E4F-97BD-B4CA3519EDC6@island-resort.com>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 21 Mar 2022 13:04:23 -0500
Message-ID: <CAN8C-_Ks26cf38Y3c1htzhYV4zpos=2fUnCxDaxjtrJbVVytkA@mail.gmail.com>
To: Laurence Lundblade <lgl@island-resort.com>
Cc: Göran Selander <goran.selander@ericsson.com>, "cose@ietf.org" <cose@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000334c8b05dabe5437"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/5uxSQ4yxi5KBagIFoZetrRGV9kQ>
Subject: Re: [COSE] Key identifier of type bstr / int
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2022 18:04:44 -0000
Thank you, much clearer. My current position is that I am unconvinced that it's needed, or a good idea :) ... any links or summary for why a new key identifier is needed would be helpful. However, of the names suggested I am mostly a fan of "intkid". OS On Mon, Mar 21, 2022 at 1:01 PM Laurence Lundblade <lgl@island-resort.com> wrote: > Let me try to be more clear. > > The COSE standard now is: > > kid => bstr > > If we make this change: > > kid => int / bstr > > then we break backwards compatibility for COSE as Mike pointed out today. > So we need a separate parameter called kid2, ckid, intkid or such. > > To not break backwards compatibility we need: > > intkid = int > > or: > > intkid = int / bstr > > (I don’t remember why an int kid was needed, but do remember I was > convinced that it was) > > LL > > > On Mar 21, 2022, at 6:43 PM, Orie Steele <orie@transmute.industries> > wrote: > > I think I may have misread your proposal. > > Why do we need `kid2` is this just so that we can have an integer `kid` ? > > Seems not worth it to me, since `kid` is already legal in CBOR, my > proposal of `ckid` makes no sense. > > So I am basically just saying I dislike seeing `kid2` and don't understand > what its value prop is. > > OS > > > > > > On Mon, Mar 21, 2022 at 12:16 PM Göran Selander < > goran.selander@ericsson.com> wrote: > >> Hi Orie, >> >> >> >> Thanks for input. I didn't get the proposal though: >> >> >> >> > If we really need an integer version of `kid` I would suggest >> following the `jti / cti` convention and calling it `ckid`... keeping it >> optional (as is the convention), and ensuring it is not part of thumbprint >> computations. >> >> >> >> RFC 7517/7519: kid and jti value are case-sensitive strings >> >> >> >> RFC 8152/8392: kid and cti value are CBOR bstr >> >> >> >> Is there any difference between a `ckid` which is CBOR int or a `kid2` >> which is a CBOR int (besides the name)? >> >> >> >> Thanks >> >> Göran >> >> >> >> >> >> *From: *Orie Steele <orie@transmute.industries> >> *Date: *Monday, 21 March 2022 at 14:55 >> *To: *Göran Selander <goran.selander@ericsson.com> >> *Cc: *Laurence Lundblade <lgl@island-resort.com>, cose@ietf.org < >> cose@ietf.org> >> *Subject: *Re: [COSE] Key identifier of type bstr / int >> >> I am a -1 to changing `kid`, it should remain a string, for compatibility >> with existing key identifier systems. >> >> Including ones that support >> https://datatracker.ietf.org/doc/html/rfc7638#section-1 >> >> See the original definition: >> https://datatracker.ietf.org/doc/html/rfc7517#section-4.5 >> >> > The "kid" value is a case-sensitive string. >> >> Many implementations have built hard dependencies on RFC7515. >> >> One of the nicest things about JOSE / COSE is being able to "upgrade" >> from JOSE to COSE. >> >> Having a significant difference between `kid` in JOSE and COSE would be >> harmful. >> >> If we really need an integer version of `kid` I would suggest following >> the `jti / cti` convention and calling it `ckid`... keeping it optional (as >> is the convention), and ensuring it is not part of thumbprint computations. >> >> Regards, >> >> OS >> >> >> >> >> On Mon, Mar 21, 2022 at 8:35 AM Göran Selander <goran.selander= >> 40ericsson.com@dmarc.ietf.org> wrote: >> >> Hi Laurence, >> >> >> >> Thanks for copying in the old thread. As noted, you and others preferred >> `kid` as bstr / int rather than `kid2` as int when we discussed it last >> time. Would be good to come out with a more solid motivation this time so >> we can converge on this :-) >> >> >> >> With `kid2` as int, the fields that uses both bstr and int would be of >> type `kid` / `kid2` which is fine. >> >> >> >> There is an algorithm for translation from CBOR bstr / int to byte >> strings on the wire (back and forth) in draft-ietf-core-oscore-edhoc. >> >> >> >> Göran >> >> >> >> >> >> *From: *COSE <cose-bounces@ietf.org> on behalf of Laurence Lundblade < >> lgl@island-resort.com> >> *Date: *Monday, 21 March 2022 at 14:14 >> *To: *Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> >> *Cc: *cose@ietf.org <cose@ietf.org> >> *Subject: *Re: [COSE] Key identifier of type bstr / int >> >> Thinking about Mike’s comment today in COSE/Vienna about backwards >> compatibility. Looked at my code around this. That definitely seems like an >> issue. >> >> >> >> What about defining “kid2” as just int? “kid” stays as bstr only. Then >> there’s no backwards compatibility break. Adding support for another >> integer parameter isn’t difficult. The downside is a little extra code to >> look at two different parameters. >> >> >> >> You’d probably want to say that only one of the two kids MUST be present. >> >> >> >> Another random idea — could you say that it is allowed to translate an >> integer kid to a bstr kid by assuming network byte order and stripping >> leading zeros? >> >> >> >> LL >> >> >> >> >> >> >> >> >> >> On Aug 13, 2021, at 3:01 AM, Laurence Lundblade <lgl@island-resort.com> >> wrote: >> >> >> >> Understood about the use case. Thx for the background. >> >> >> >> On Aug 10, 2021, at 3:13 AM, Göran Selander < >> goran.selander=40ericsson.com@dmarc.ietf.org> wrote: >> >> >> >> Assume that we do want to allow key identifiers to be CBOR ints in >> certain settings, what is the best (least intrusive) way to allow this >> while still maintain compatibility with 'kid's supporting the type bstr? >> Another alternative to what has been listed below is to define 'kid2' to >> only be of type int - is that a better option? >> >> >> >> I didn’t write actual code to check, but they about the same to me. >> >> >> >> ‘kid' as int/bstr seems less confusing to me than ‘kid2’. It tells you it >> does exactly the same thing whether it is an int or a bstr. >> >> >> >> So my pick is ‘kid’, but ‘kid2’ is OK too. >> >> >> >> LL >> >> >> >> _______________________________________________ >> COSE mailing list >> COSE@ietf.org >> https://www.ietf.org/mailman/listinfo/cose >> >> >> >> >> -- >> >> *ORIE STEELE* >> >> Chief Technical Officer >> >> www.transmute.industries >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-a7ff2eb208872658&q=1&e=94b1f6ec-570c-49db-b72f-d15cfe926d93&u=http%3A%2F%2Fwww.transmute.industries%2F> >> >> >> >> >> <https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-c169100f194b3f01&q=1&e=94b1f6ec-570c-49db-b72f-d15cfe926d93&u=https%3A%2F%2Fwww.transmute.industries%2F> >> > > > -- > *ORIE STEELE* > Chief Technical Officer > www.transmute.industries > > <https://www.transmute.industries/> > > > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
- [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Benjamin Kaduk
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Benjamin Kaduk
- Re: [COSE] Key identifier of type bstr / int Anders Rundgren
- Re: [COSE] Key identifier of type bstr / int Mike Prorock
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Michael Richardson
- Re: [COSE] Key identifier of type bstr / int Carsten Bormann
- Re: [COSE] Key identifier of type bstr / int Anders Rundgren
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Göran Selander
- Re: [COSE] Key identifier of type bstr / int Orie Steele
- Re: [COSE] Key identifier of type bstr / int Anders Rundgren
- Re: [COSE] Key identifier of type bstr / int Carsten Bormann
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade
- Re: [COSE] Key identifier of type bstr / int Christian Amsüss
- [COSE] Attempting to summarize: Key identifier of… Christian Amsüss
- Re: [COSE] Key identifier of type bstr / int Ilari Liusvaara
- Re: [COSE] Key identifier of type bstr / int Tobias Looker
- Re: [COSE] Key identifier of type bstr / int Anders Rundgren
- [COSE] draft-looker-cose-bls-key-representations Anders Rundgren
- Re: [COSE] Key identifier of type bstr / int Michael Richardson
- Re: [COSE] draft-looker-cose-bls-key-representati… Orie Steele
- Re: [COSE] draft-looker-cose-bls-key-representati… Anders Rundgren
- Re: [COSE] Key identifier of type bstr / int Michael Richardson
- Re: [COSE] Key identifier of type bstr / int Carsten Bormann
- Re: [COSE] Key identifier of type bstr / int Laurence Lundblade