IETF Logo Mail Archive

Re: [COSE] [Rats] RAM requirements for COSE/CWT

Carsten Bormann <cabo@tzi.org> Tue, 22 February 2022 19:09 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03EE43A0BCC; Tue, 22 Feb 2022 11:09:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CpL4cl2V0w8L; Tue, 22 Feb 2022 11:09:19 -0800 (PST)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [134.102.50.15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E24D53A0948; Tue, 22 Feb 2022 11:09:18 -0800 (PST)
Received: from [192.168.217.118] (p5089ad4f.dip0.t-ipconnect.de [80.137.173.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4K37y418vCzDCdg; Tue, 22 Feb 2022 20:09:16 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AB9F0C55-9C23-43F1-A83F-91D4159C888F@island-resort.com>
Date: Tue, 22 Feb 2022 20:09:15 +0100
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
X-Mao-Original-Outgoing-Id: 667249755.170262-4c9a10b61e2e733436a13f1c74985367
Content-Transfer-Encoding: quoted-printable
Message-Id: <59939C29-5370-4385-AE61-A21ADDC0D194@tzi.org>
References: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com> <DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com> <1a16c80d-40cd-baba-b1ce-2033dd0db294@gmail.com> <D22D0D63-F76C-48B3-A034-F8B5B2BB6005@tzi.org> <2c8be442-9899-d117-155c-f6f2096b7055@gmail.com> <92C7CF7C-ED23-41B3-AB32-8438C4C88C20@tzi.org> <14c8d106-3b4b-f973-94b8-018852ff4769@gmail.com> <8C2C6592-D5B9-430A-B878-E1009E9BCF22@tzi.org> <AB9F0C55-9C23-43F1-A83F-91D4159C888F@island-resort.com>
To: Laurence Lundblade <lgl@island-resort.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Q6ysapfnjEijp0j2pDKNtIbVjbk>
Subject: Re: [COSE] [Rats] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 19:09:24 -0000

On 2022-02-22, at 18:08, Laurence Lundblade <lgl@island-resort.com> wrote:
> 
> EAT allows for use of the different CBOR serializations just like COSE and CWT so particular deployments can choose what is best for them. It is important to continue to allow all serializations in EAT for the reasons that they exist in the first place.

This is confusing terminology.
You wouldn’t call putting space after a comma in JSON “different serializations”.
That is just the lenience that the format provides.
The fixed length argument example you give is one of the reasons we put in that lenience in the first place:

> The main example I can think of is EAT in pure HW (e.g., a TPM-like chip that outputs EAT). Outputting fixed length integers will make that HW simpler.

Any CBOR decoder will be happy with decoding this.

> EAT goes one step further than COSE and CWT by pointing out that different serializations can cause interoperability issues

There is only one place I have found so far where EAT actively causes an interoperability issue:  By ruling out preferred serialization for floating point values.  Creating a separate CBOR dialect by ruling out half-precision encoding might save 8 lines of C code in a decoder (which you can simply copy from https://www.rfc-editor.org/rfc/rfc8949.html#name-half-precision), but ensures that a standard CBOR encoder cannot be used without supplying encoding options.  Not a smart move.

> and advises that a profile that specifies the serialization used be created for each use case. (Note that serialization variation is minor compared to algorithm selection and key identification and distribution)

That is highly misleading.

> It seems true to me that there are CBOR serialization variants that would not interoperate. Sounds a little bad and messy...

If you create multiple incompatible variants by restricting the format, you can create non-interoperating dialects.  Don’t do that then.

> In reality, I don’t think it very bad because is very easy to support preferred serialization and because it is possible to create a decoder that supports all the serializations.

Absolutely.  So why do the options game here at all?

> Supporting these serializations doesn’t increase RAM and CPU usage much. We don’t hear any complaining from the real world about this and CBOR is getting close to ten years old.

Grüße, Carsten

v2.8.7 | Report a Bug | By Email