Re: [COSE] [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07
Ivaylo Petrov <ivaylo@ackl.io> Sun, 01 November 2020 18:52 UTC
Return-Path: <ivaylo@ackl.io>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74F323A0D03 for <cose@ietfa.amsl.com>; Sun, 1 Nov 2020 10:52:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ackl-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QqJtuac-lQ8R for <cose@ietfa.amsl.com>; Sun, 1 Nov 2020 10:52:56 -0800 (PST)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 899AA3A0D09 for <cose@ietf.org>; Sun, 1 Nov 2020 10:52:56 -0800 (PST)
Received: by mail-wm1-x32d.google.com with SMTP id 13so7374252wmf.0 for <cose@ietf.org>; Sun, 01 Nov 2020 10:52:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ackl-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VecUmM573GOjLnTygPdkUHmnPH3M+0fjcxKHvr8kBdE=; b=dHiFjBjBBvk9aUkwMrOEQwBMdtAWCjaYP3dl6EhHH38MBpxwg4qt11KNNVfwG+up9t /IEsHQVTMXo17UDT71B567wmbsBkG9Y7djLYNNHxlCCeylHz9x2lvcN8lN/WLZyL2Pv5 xNoC+3X9rx/2zEG84lV+a822+YygxyMvO1OaQ1RNDtX0ZVBeDnRI8FsCdmv8t15X9swC 1MZ+Y9aAkHsR0n56+Mkcx4tGndoMnYzyaaE7jIkW/QX9K6OdgEQdcFYVh4b/8RMZTBZS /DnH/EYtELxTzshZYt4o6BllAq3/nMS0J5U2A6E3RF2GxF7+ST0kY4k020vzIM4N1jFS Fjzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VecUmM573GOjLnTygPdkUHmnPH3M+0fjcxKHvr8kBdE=; b=qoRgYvO2UGuE+TtWD2SUEMDbxt66dzwCSsishEk9+Ove6rKhHWDpVQX/Pk251YkdKg CQBo5zZYzfUPfv1Qd1ohEYhX0P0KPEkq3Ywb2jH6xLT54bB7EGS47AhUrOjQufaYJrNj 57XZ1QaZPqzxAxxOm1N0t+1l8d9hr4dLnBO8vDTAhUX+aCZTHBTwc/YynTJhJx+xV0Hl n0ZpFeIkh0fJ55/9CuoS8iB5f+bNOjbIoQZizFWu3SukE2WvuDbmglrqZ0D22MLcZkQd L2A6+ZkbGiH5zSPLRhxXPtFxeUBZagNaVsRWGRKJJtnfFX6Cpo//mVTu+19/hNKwhi8f 0fgw==
X-Gm-Message-State: AOAM531clDt0Pm+pBfZ4jk98UtvWiyiwH6iHtJWTfuuNT1USjD5zBioo NaJ32Qf2hCM6dKbUFwBxJux02Ft25Pxaus91QzzdJBd1d3Y=
X-Google-Smtp-Source: ABdhPJzAwYntTVN8HC7fOH1ePSkphkUVInYXjISm4+JjQpKpFIGIERLR9hFq66C1haQi+HfL9wE7KgDepHtnE010nb8=
X-Received: by 2002:a7b:c255:: with SMTP id b21mr14187142wmj.72.1604256774885; Sun, 01 Nov 2020 10:52:54 -0800 (PST)
MIME-Version: 1.0
References: <160314506078.20558.15385106097623388280@ietfa.amsl.com> <26102.1603156521@localhost> <38B4F6C0-6F7E-46DF-A1B7-24D6E83BFE92@tzi.org>
In-Reply-To: <38B4F6C0-6F7E-46DF-A1B7-24D6E83BFE92@tzi.org>
From: Ivaylo Petrov <ivaylo@ackl.io>
Date: Sun, 01 Nov 2020 19:52:28 +0100
Message-ID: <CAJFkdRy_Uzg3cKBy4SGEUCZtB_DNmS_SK2hwniZgu55YshwT8g@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, iot-directorate@ietf.org, Last Call <last-call@ietf.org>, draft-ietf-cose-x509.all@ietf.org, cose <cose@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000321ee105b3102332"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/O50l1JE6wPLPByg4G5YjZ_IIVJE>
Subject: Re: [COSE] [Last-Call] Iotdir telechat review of draft-ietf-cose-x509-07
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Nov 2020 18:52:59 -0000
Hi Carsten, Thank you for this review! I have asked if anyone would be willing to generate the examples for this draft, but for the time being I have removed the paragraph about this. As for the discussion about bag vs some other term, I believe I see your point, but my understanding from this thread [1] is that bag is a well defined concept and we could still use it here. [1]: https://mailarchive.ietf.org/arch/msg/cose/qYkms2KEZQbfJtBKRoFnaGU7ILE/ -- Best regards, Ivaylo On Tue, Oct 20, 2020 at 1:43 PM Carsten Bormann <cabo@tzi.org> wrote: > On 2020-10-20, at 03:15, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > > I believe we use the term bag because it is permissible for a certificate > > artifact to appear more than once. Stupid maybe, but permissible. > > > > I think that some systems/libaries considered the Issuer/Subject to be > the > > key for indexing the set, and then they got confused if there was more > than > > one certificate in the bag. The additional object used a different > signature > > and/or hash. At least, I have some dim memory of some situation being > > described to me. I think that the names of the guilty parties were > withheld. > > I think we have a different perception of what “is” means. > In my shopping bag, there *is* a difference between having one or two > yoghurts in there. > In the x5bag, having the same certificate twice is exactly equivalent to > having it once. > So it “is” a (non-empty) set, not a bag, even if the *representation* (as > an array, with a special case for the singleton) can actually have > duplicates. > > Given the semantics, the question how one “finds” things in that set is > more of an implementation question. I don’t think offering this as a > multimap(*) with some arbitrarily chosen map key is flexible enough. > Normally, a simple iterator (so you get to see any and all of the elements) > will be the best solution, because the implementation cannot know what the > application-specific validation process is looking for, and we are talking > about a very small set. > > Grüße, Carsten > > (*) Cannot be a map, as there is no guarantee of uniqueness of any key. > >
- [COSE] Iotdir telechat review of draft-ietf-cose-… Carsten Bormann via Datatracker
- Re: [COSE] [Last-Call] Iotdir telechat review of … Michael Richardson
- Re: [COSE] [Last-Call] Iotdir telechat review of … Eric Vyncke (evyncke)
- Re: [COSE] [Last-Call] Iotdir telechat review of … Carsten Bormann
- Re: [COSE] [Last-Call] Iotdir telechat review of … Ivaylo Petrov