IETF Logo Mail Archive

Re: [COSE] IETF 113 COSE Agenda

Carsten Bormann <cabo@tzi.org> Mon, 21 March 2022 10:49 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8E613A1943 for <cose@ietfa.amsl.com>; Mon, 21 Mar 2022 03:49:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PBGurCmclpHx for <cose@ietfa.amsl.com>; Mon, 21 Mar 2022 03:49:33 -0700 (PDT)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95E0D3A194A for <cose@ietf.org>; Mon, 21 Mar 2022 03:49:33 -0700 (PDT)
Received: from [192.168.217.118] (p5089ad4f.dip0.t-ipconnect.de [80.137.173.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4KMWZx2LXbzDCf9; Mon, 21 Mar 2022 11:49:29 +0100 (CET)
Content-Type: multipart/signed; boundary="Apple-Mail=_80C27E89-A182-43B3-8049-1E8BBCB0C105"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <07c6b0f29ed44c3ba22cbd00c0e4d81f@jhuapl.edu>
Date: Mon, 21 Mar 2022 11:49:29 +0100
Cc: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>
X-Mao-Original-Outgoing-Id: 669552568.287385-071e36db4d86c63b32e03f1b6c60c527
Content-Transfer-Encoding: quoted-printable
Message-Id: <58B02952-A6BB-4E5E-9EA3-8512D7E16B57@tzi.org>
References: <CO1PR00MB09969F997A8FAF95F53D7F4DF5109@CO1PR00MB0996.namprd00.prod.outlook.com> <SJ0PR00MB100535A8712B985718A94CEFF5169@SJ0PR00MB1005.namprd00.prod.outlook.com> <07c6b0f29ed44c3ba22cbd00c0e4d81f@jhuapl.edu>
To: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/aZMpcRlBFjz3s4iUF3Sq8r6WVRg>
Subject: Re: [COSE] IETF 113 COSE Agenda
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2022 10:49:39 -0000


> On 2022-03-21, at 11:36, Sipos, Brian J. <Brian.Sipos@jhuapl.edu> wrote:
> 
> All,
> I’m not able to attend the COSE time slot at this IETF but I would like to bring up the X509 issue [1] that I noticed while using a similar typed-hash structure for a different purpose. This is not just an editorial issue; it does affect how a receiver is supposed to process algorithm identifier (when it is a text string) by defining what it is supposed to compare with for hash algorithm registrations.

RFC 8152 defines the Algorithms registry:

   Name:  A value that can be used to identify an algorithm in documents
      for easier comprehension.  The name SHOULD be unique.  However,
      the 'Value' field is what is used to identify the algorithm, not
      the 'name' field.

   Value:  The value to be used to identify this algorithm.  Algorithm
      values MUST be unique.  The value can be a positive integer, a
      negative integer, or a string.  Integer values between -256 and
      255 and strings of length 1 are designated as "Standards Action".
      Integer values from -65536 to 65535 and strings of length 2 are
      designated as "Specification Required".  Integer values greater
      than 65535 and strings of length greater than 2 are designated as
      "Expert Review".  Integer values less than -65536 are marked as
      private use.

So the “Value” can be a text string (RFC 8152 fails to say “text”, but that should be obvious).  That text string can be used in a protocol.  The Name cannot.

No current registry entries do define a text string for “Value”; they are all integers.  Defining a text string here is probably going to impede interoperability, so I would not recommend that outside of defined environments and experiments.

Grüße, Carsten

v2.8.7 | Report a Bug | By Email