Re: [COSE] I-D Action: draft-ietf-cose-cbor-encoded-cert-01.txt

John Mattsson <john.mattsson@ericsson.com> Tue, 25 May 2021 14:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/G8nceqq2caeMLhli-s73EZr42PU>

Hi,

We have submitted draft-ietf-cose-cbor-encoded-cert-01. Main updates are:

- Implemented the suggestions from Laurence to make C509Certificate an array and write in text that applications that do not require a CBOR item can use ~C509Certificate.
- Addressed all of Ilari's comments (further optimizations, and correction in the description of extension encoding), except algorithm code points, which are still to be discussed.
- Renamed COSE_C5 to COSE_C509 and aligned with COSE_X509
- Defined what c5t is a hash over.
- Completed the HTTPS ECDSA and RSA certificate encoding examples.
- Expanded the size comparison section. It now has two tables. The first table compares COSE_X509 and COSE_C509. The second table compares X509, X509 + Brotli, C509, and C509 + Brotli in TLS.
- Added missing specification for several extensions commonly used in HTTPS certificates. These were previously illustrated in the examples, but not in text.
- Renamed CBORCertificate to C509Certificate
- The document now formally replaces draft-mattsson-cose-cbor-cert-compress

This -01 version should now completely align with the example compression implementation I wrote in Rust. I will release the source code as open source later today.

Cheers,
John

From: COSE <cose-bounces@ietf.org> on behalf of internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 25 May 2021 at 15:38
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: cose@ietf.org <cose@ietf.org>
Subject: [COSE] I-D Action: draft-ietf-cose-cbor-encoded-cert-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the CBOR Object Signing and Encryption WG of the IETF.

        Title           : CBOR Encoded X.509 Certificates (C509 Certificates)
        Authors         : Shahid Raza
                          Joel Höglund
                          Göran Selander
                          John Preuß Mattsson
                          Martin Furuhed
        Filename        : draft-ietf-cose-cbor-encoded-cert-01.txt
        Pages           : 42
        Date            : 2021-05-25

Abstract:
   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 Certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and all certificates
   compatible with the RFC 7925, IEEE 802.1AR (DevID), CNSA, and CA/
   Browser Forum Baseline Requirements profiles.  When used to re-encode
   DER encoded X.509 certificates, the CBOR encoding can in many cases
   reduce the size of RFC 7925 profiled certificates with over 50%.  The
   CBOR encoded structure can alternatively be signed directly
   ("natively signed"), which does not require re-encoding for the
   signature to be verified.  The document also specifies COSE headers
   as well as a TLS certificate type for C509 certificates.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-cose-cbor-encoded-cert-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

