[COSE] "CBOR Certificates"

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 11 February 2021 21:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Q47E3nUQyrvD0xvWH6D8ikVi8k0>
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

So, draft-mattsson-cose-cbor-cert-compress has in its title:

        CBOR Encoding of X.509 Certificates (CBOR Certificates)

Section 7 is: _Natively Signed CBOR Certificates_

and I strongly believe that we should remove this section, and the title.
This is going to be very confusing.  And section 7 is not sufficient to really
have native CBOR Certificates.  It even says that it's an intermediate step.

   CBOR encoded X.509 certificates provides an intermediate step between
   [RFC7925] or [IEEE-802.1AR] profiled X.509 certificates and natively
   signed CBOR certificates: An implementation of CBOR encoded X.509
   certificates contains both the CBOR encoding of the X.509 certificate
   and the signature operations sufficient for natively signed CBOR
   certificates.

So if this document confuses people into thinking that this intermediate step
is "CBOR Certificates", then when we actually do that (as LGL and others
want to do with EAT), then there will be mass confusion.

So, if that term could be struck from this otherwise excellent document on
compressing PKIX certificates, that would be nice.

(ps: I have some IDevID examples which I can share.  I've been trying to
compress them, but haven't done the OID compression that I need yet)

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide