Re: [COSE] Proposed charter update

Göran Selander <goran.selander@ericsson.com> Fri, 25 September 2020 18:18 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Date: Fri, 25 Sep 2020 18:18:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/GrIdnIeigBZ6yi705HGpTMwfOiw>
Subject: Re: [COSE] Proposed charter update

Hi Jim,

Thanks for commenting. 

On the term "native CBOR certificate" in draft-mattsson-cose-cbor-cert-compress.

We are not especially attached to this term. Happy to replace it with some other adjective or just use "CBOR certificate type 1", "CBOR certificate type 2", if that is less confusing.

We did not intend to define "native CBOR" (like in 1. below), the intended parenthesis is like this: native (CBOR certificate). Not like this: (native CBOR) certificate.

The rationale (perhaps twisted, but anyway) is like this: Assume there is a device which speaks CBOR (i.e. "is native in CBOR"), then it should be able to parse and verify a "native" CBOR certificate without knowing of other encodings.

We are not targeting an X.509 certificate replacement as in 2. below. The only difference between the compressed X.509 format and the native format is in what is being signed. In the former the signature is on the uncompressed ASN.1/DER encoding, in the latter the signature is on the CBOR encoding, like in 3. below.

Hope that helps.

Göran

On 2020-09-25, 19:02, "COSE on behalf of Jim Schaad" <cose-bounces@ietf.org on behalf of ietf@augustcellars.com> wrote:

    I just made a relatively fast read through on the compressed certificate draft.  If we are looking to do "native CBOR" certificates then I think that we need to be very explicit what is meant by "native CBOR".  When I hear that term I end up with a number of different things that this could end up being:

    1.  A CBOR Encoding for ASN.1.
    2.  A CBOR Encoding for an X.509 certificate replacement.  (CWT?)
    3.  What is being proposed in the document which amounts to CBOR Compressed X.509 certificate signed in the CBOR format.

    It might be that coining a new term for this might be best because I definitely got a surprise on the definition.

    Jim


    -----Original Message-----
    From: COSE <cose-bounces@ietf.org> On Behalf Of Göran Selander
    Sent: Friday, September 25, 2020 6:31 AM
    To: cose@ietf.org
    Subject: [COSE] Proposed charter update

    Hi,

    We got an action last meeting to propose new text for the charter. Please find a proposal below.

    OLD is the charter *after* incorporating the changes proposed by John (as discussed in the meeting):
    https://mailarchive.ietf.org/arch/msg/cose/bUSlA5k5k855lVEq6ZnP1KPO0Cg/

    NEW is the proposal. The first and last paragraph of OLD are unchanged, and the middle paragraph is replaced with two new ones.


    OLD
    ---
    A CBOR encoding of the compressed certificate profile defined in RFC 7925. It is expected that the compression works with a large subset of RFC 7925 and takes into consideration any updates in draft-ietf-uta-tls13-iot-profile-00. The compression may also include other important IoT certificate profiles like IEEE 802.1AR.

    It should be noted that this is not a new certificate architecture, rather it is a method of compressing current X.509 certificates that meet a specific profile into a smaller format. The compression algorithm is loss-less so they can be expanded and normal X.509 certificate processing used.

    This work will be based on draft-mattsson-cose-cbor-cert-compress. The working group will collaborate and coordinate with other IETF WGs such as TLS, UTA, LAKE to understand and validate the requirements and solution.
    ---

    NEW
    ---
    A CBOR encoding of the compressed certificate profile defined in RFC 7925. It is expected that the compression works with a large subset of RFC 7925 and takes into consideration any updates in draft-ietf-uta-tls13-iot-profile-00. The compression may also include other important IoT certificate profiles like IEEE 802.1AR.

    The main objective is to define a method of compressing current X.509 certificates that meet a specific profile into a smaller format. This compression algorithm is loss-less so they can be expanded and normal X.509 certificate processing used.

    Another objective is to explore the possibility to parse and verify the compressed X.509 encoding directly on the target device. This removes the need for compression, decompression, and DER parsing, with associated overhead and code, which is relevant for embedded implementations.

    This work will be based on draft-mattsson-cose-cbor-cert-compress. The working group will collaborate and coordinate with other IETF WGs such as TLS, UTA, LAKE to understand and validate the requirements and solution.
    ---

    Göran



    On 2020-09-23, 18:35, "COSE on behalf of John Mattsson" <cose-bounces@ietf.org on behalf of john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

        Three suggestions regarding certificate compression in the charter.

        OLD
        "A CBOR encoding of the compressed certificate profile defined in RFC 7925."

        NEW
        "A CBOR encoding of the compressed certificate profile defined in RFC 7925. It is expected that the compression works with a large subset of RFC 7925 and takes into consideration any updates in draft-ietf-uta-tls13-iot-profile-00. The compression may also include other important IoT certificate profiles like IEEE 802.11AR."


        OLD:
        "This work will be based on draft-mattsson-cose-cbor-cert-compress and draft-raza-ace-cbor-certificates. It is expected these documents are to be combined into a single document."

        NEW
        "This work will be based on draft-mattsson-cose-cbor-cert-compress"


        ADD
        "The working group will collaborate and coordinate with other IETF WGs such as TLS, UTA, LAKE to understand and validate the requirements and solution."

        _______________________________________________
        COSE mailing list
        COSE@ietf.org
        https://www.ietf.org/mailman/listinfo/cose
