Re: [COSE] compressed certificates -- Re: Proposed charter update
Carsten Bormann <cabo@tzi.org> Sat, 26 September 2020 06:12 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71AD03A1002 for <cose@ietfa.amsl.com>; Fri, 25 Sep 2020 23:12:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SoKij0FElqxo for <cose@ietfa.amsl.com>; Fri, 25 Sep 2020 23:11:58 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12D773A1001 for <cose@ietf.org>; Fri, 25 Sep 2020 23:11:57 -0700 (PDT)
Received: from [192.168.217.118] (p548dcc60.dip0.t-ipconnect.de [84.141.204.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Byz2M35g4zyZn; Sat, 26 Sep 2020 08:11:55 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <12902.1601072453@localhost>
Date: Sat, 26 Sep 2020 08:11:55 +0200
Cc: Jim Schaad <ietf@augustcellars.com>, =?utf-8?Q?'G=C3=B6ran_Selander'?= <goran.selander=40ericsson.com@dmarc.ietf.org>, cose@ietf.org
X-Mao-Original-Outgoing-Id: 622793514.978552-3cdd548c441ddef5a79631bf66b653c8
Content-Transfer-Encoding: quoted-printable
Message-Id: <91D920B1-F24F-4E7D-B1A2-6A6F7B5B36D4@tzi.org>
References: <AAEFFA7E-B4B5-495E-A578-BDC0383A9A76@ericsson.com> <015a01d6935d$8519f200$8f4dd600$@augustcellars.com> <12902.1601072453@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/IKPe2YA4jKqTXbmV0UrPzsM9T7g>
Subject: Re: [COSE] compressed certificates -- Re: Proposed charter update
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Sep 2020 06:12:00 -0000
On 2020-09-26, at 00:20, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > Signed PGP part > > Jim Schaad <ietf@augustcellars.com> wrote: >> I just made a relatively fast read through on the compressed >> certificate draft. If we are looking to do "native CBOR" certificates >> then I think that we need to be very explicit what it is meant by >> "native CBOR". When I hear that term I end up with a number of >> different things that this could end up being: > >> 1. A CBOR Encoding for ASN.1. > > I'll bet Nico could whip that up from the Heimdal ASN.1 compiler tools. > It's worth investigating what the resulting benefits would be. Uh. What could be an interesting experiment would be defining somewhat mechanical rules for converting ASN.1 to a CBOR data structure (e.g., expressed in CDDL). But defining “CBOR Encoding Rules” with support for all nooks and crannies of ASN.1 would generate a lot of complexity (e.g., compare the basic YANG-CBOR idea with what it turned into with having to support for YANG’s weird unions). >> 2. A CBOR Encoding for an X.509 certificate replacement. (CWT?) > > Or possibly an EAT, which is really a subset of CWT. > draft-birkholz-core-coid Yes, we should do this, but maybe thinking wider. I hope this is then more than an “X.509 certificate replacement”… Oe objective behind the CoID work was to look at real-life X.509 certificates and make sure that all their payload content can be expressed in CWTs. >> 3. What is being proposed in the document which amounts to CBOR >> Compressed X.509 certificate signed in the CBOR format. > > No, that's #4 :-) > 0. is CBOR compressed certificates signed in ASN.1 format, because > the CBOR compression was 100% bit-for-bit reversible. Re-encoding vs. “compression”… Note that you could have a cert with both forms of signaturen (on reconstructed ASN.1 DER, on original CBOR = native signature) included (not very concise then, but the sender of such a cert could simply elide the form that is not needed). >> It might be that coining a new term for this might be best because I >> definitely got a surprise on the definition. > > I think that we have use cases for all these. > We probably shouldn't do them all. > It would be very nice if we were able to deploy this incrementally. > > I agree that some terms would be helpful. Terminology is the basis for communicating efficiently (and often, required for communicating effectively). Grüße, Carsten
- [COSE] Proposed charter update Göran Selander
- Re: [COSE] Proposed charter update Göran Selander
- Re: [COSE] Proposed charter update Jim Schaad
- Re: [COSE] Proposed charter update Carsten Bormann
- Re: [COSE] Proposed charter update Jim Schaad
- [COSE] compressed certificates -- Re: Proposed ch… Michael Richardson
- Re: [COSE] Proposed charter update Michael Richardson
- Re: [COSE] compressed certificates -- Re: Propose… Carsten Bormann