Re: [COSE] Stephen Farrell's Discuss on draft-ietf-cose-msg-20: (with DISCUSS and COMMENT)

[Göran Selander <goran.selander@ericsson.com>]

On 2016-11-03 05:58, "Jim Schaad" <ietf@augustcellars.com> wrote:

>
>
>> -----Original Message-----
>> From: Göran Selander [mailto:goran.selander@ericsson.com]
>> Sent: Wednesday, November 02, 2016 12:55 PM
>> To: Jim Schaad <ietf@augustcellars.com>
>> Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; Justin Richer
>><jricher@mit.edu>;
>> cose-chairs@ietf.org; draft-ietf-cose-msg@ietf.org; The IESG
>><iesg@ietf.org>;
>> cose@ietf.org
>> Subject: Re: [COSE] Stephen Farrell's Discuss on
>>draft-ietf-cose-msg-20: (with
>> DISCUSS and COMMENT)
>> 
>> 
>> 
>> > On 2 nov. 2016, at 18:11, Jim Schaad <ietf@augustcellars.com> wrote:
>> >
>> >
>> >
>> >> -----Original Message-----
>> >> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>> >> Sent: Tuesday, November 01, 2016 2:16 PM
>> >> To: Jim Schaad <ietf@augustcellars.com>; 'Justin Richer'
>><jricher@mit.edu>
>> >> Cc: cose-chairs@ietf.org; cose@ietf.org; 'The IESG' <iesg@ietf.org>;
>>draft-
>> ietf-
>> >> cose-msg@ietf.org
>> >> Subject: Re: Stephen Farrell's Discuss on draft-ietf-cose-msg-20:
>>(with
>> DISCUSS
>> >> and COMMENT)
>> >>
>> >>
>> >> Hiya,
>> >>
>> >>> On 01/11/16 19:17, Jim Schaad wrote:
>> >>> Another thread dealing with this issue includes
>> >>> https://www.ietf.org/mail-archive/web/cose/current/msg00981.html  -
>> >>> basically the subject is 'make "alg" field optional'
>> >>>
>> >>> Usual suspects (Göran, Ludwig, Francesca) on one side, me and a
>> >>> couple of others on the other side.  Interestingly the antis
>>included
>> >>> Mike who argued for this in the JOSE.
>> >>
>> >> Heh. To be honest, I'm not sure what's best here. Normally if
>> >> it were just my design tastes against the WGs, I'd happily
>> >> fold. But in this case we have an appendix that says how to
>> >> not do what's a MUST in the body of the spec. And I suspect
>> >> that this could damage interop depending on whether or not
>> >> libraries follow the MUST or not.
>> >>
>> >> Do we think there's a way to square this circle and somehow
>> >> get rid of the appendix to get to a result folks can all use?
>> >
>> > I wish I knew.  The fact that the CORE draft is not even complying
>>with how
>> the appendix is saying to do things almost leads me to think that we
>>should just
>> kill that section of the appendix and re-evaluate things.
>
>I may have misinterpreted what Göran said and this may not be the case.
>

Sorry for the delay, we have had some offline discussions.

I think the core of the problem is the desire to use COSE for multiple
purposes, in particular: 1) 1-pass stateless message forwarding and 2)
stateful message forwarding in a session; each with its requirements on
message fields. In the former case it is necessary to send the algorithm,
but not in the latter. In the latter it is necessary to send a
session/context identifier but not in the former, and moreover there is no
such field is defined in the current draft. We therefore used  'kid' for
this purpose contradicting   its intended use which led to this
discussion. But for that particular case it is easy to resolve: We can
simply defining a label for a session/context identifier, replace ‘kid’
and there are no contradictions with the current body or appendix. So I
withdraw my previous comment.

This does not solve the general issue with the appendix contradicting the
body, but I don’t think that is possible to solve if we want to support
multiple ‘modes’ of operation: Either we define explicitly different
modes, and what is required/allowed in terms of message fields for these
modes, or we define one mode and acknowledge that there may be other
modes. 

(Compare Groucho Marx: "Those are my principles, and if you don't like
them... well, I have others.” :-)

Göran