IETF Logo Mail Archive

Re: [COSE] Key identifier of type bstr / int

Laurence Lundblade <lgl@island-resort.com> Fri, 25 March 2022 09:00 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2152D3A1153 for <cose@ietfa.amsl.com>; Fri, 25 Mar 2022 02:00:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AKYfELxh3Pa0 for <cose@ietfa.amsl.com>; Fri, 25 Mar 2022 02:00:48 -0700 (PDT)
Received: from p3plsmtpa09-08.prod.phx3.secureserver.net (p3plsmtpa09-08.prod.phx3.secureserver.net [173.201.193.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56F543A1147 for <cose@ietf.org>; Fri, 25 Mar 2022 02:00:47 -0700 (PDT)
Received: from [192.168.8.106] ([213.225.36.78]) by :SMTPAUTH: with ESMTPSA id XfoKnQlv0UgVcXfoLnS9nR; Fri, 25 Mar 2022 02:00:46 -0700
X-CMAE-Analysis: v=2.4 cv=WsbujfTv c=1 sm=1 tr=0 ts=623d84be a=73sqJBfw4EOcj9Wd6QYAcA==:117 a=73sqJBfw4EOcj9Wd6QYAcA==:17 a=WlxsqyjbAAAA:8 a=4_za2-uSkNp9x-VAP64A:9 a=QEXdDO2ut3YA:10 a=vp2wqIv7ht1Uq6qh5zUA:9 a=WwxJ5ym-LNLvJbm0:21 a=_W_S_7VecoQA:10 a=TApCPVH6uDxqAy9nYJmN:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <31D0089F-973D-4E0D-B275-306C80E186A4@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_15991FB9-AA4E-4AB4-825F-8775D287C975"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Fri, 25 Mar 2022 10:00:44 +0100
In-Reply-To: <Yjr1XF5A2Cl2Jn1s@LK-Perkele-VII2.locald>
Cc: "cose@ietf.org" <cose@ietf.org>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
References: <95B75634-B147-4756-A950-C6B139CF3ADD@ericsson.com> <9DF382AC-12A8-47A5-AAE7-2B0D75EAA669@island-resort.com> <EDFDB6E4-2BDE-4E2E-9CF0-D771E2DEF3C6@ericsson.com> <823C00C2-4F6C-4DF5-99B0-87D8524D4A9C@island-resort.com> <C059B669-4C5D-4980-A665-96A39F4457C3@island-resort.com> <Yjr1XF5A2Cl2Jn1s@LK-Perkele-VII2.locald>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-CMAE-Envelope: MS4xfNM4g2g3gFQXZLpyh1WZLOMZDJK5ssg/+A9B6NSKayH13mhnbp5l7ix9NAHYerEinp11AUnq9I4bsqE+jfbTKNJamt7nIAoIse/PZ5Zea3qZD4vtOpfT W4wnEtDPdxLHG0TX0jhRm8sEXrzE7CTQuuK/rUd2nYf3zGFWlmQBQfFkU7gHsUWCG90VsUUi67ke6WO3yKD3JGlF2QpMEHMLjVxcbzakL85nqANO7ftnaZZS
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/K0eifKhCluNreVwnJv2-LmhfLo8>
Subject: Re: [COSE] Key identifier of type bstr / int
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2022 09:00:53 -0000

> On Mar 23, 2022, at 11:24 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Mon, Mar 21, 2022 at 02:13:50PM +0100, Laurence Lundblade wrote:
>> Thinking about Mike’s comment today in COSE/Vienna about backwards
>> compatibility. Looked at my code around this. That definitely seems
>> like an issue. 
> 
> What does your code do if it encounters a recipient with int kid?
> 
> 1. Treats the entiere message as malformed?
> 2. Ignores the recipient?
> 3. Something else? What?
> 
> 
> And it is the implementations that do 1. (or 3. with some oddball
> semantics) that worry me the most here. Not so much 2., as such
> recipient is probably not correct anyway.

For option A, t_cose would reject the whole message.

For option B or C, t_cose would accept the message unless intkid was marked as critical, in which case it would correctly reject the message. There would be no way to get the intkid or even know it exists, though a future version of t_cose will be more extensible in that regard.

You can classify end-end systems using COSE kid into 3:

1) mandatory — receiving app can’t function without a kid
2) kid not used
   2a) not used and reject the message if it is present
   2b) not used, don’t care if it is present
3) optional, some messages can have a kid and it will be used, but there is some means other than a kid parameter for finding the key

Note that this list is about kid, not about integer kid. Mandatory means it must have a kid the system can understand.

Assuming t_cose behavior, Option A works fine for systems 1) and 2a), but not 2b) or 3).

Options B and C work for all system.

Since integer kid is only for a small optimization you might be tempted to use the two-byte encoding for compatibility with all COSE libraries if the optimization isn’t absolutely critical. In coming vast spread of COSE use cases, the integer kid will only be used very rarely, so maybe better not to confuse the existing kid parameter.

Now I am leaning towards B or C.

LL

v2.23.0 | Report a Bug | By Email