Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)

Michael Jones <michael_b_jones@hotmail.com> Sun, 05 November 2023 08:42 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Carsten Bormann <cabo@tzi.org>, "lgl island-resort.com" <lgl@island-resort.com>
CC: Francesca Palombini <francesca.palombini@ericsson.com>, "drafts-expert-review-comment@iana.org" <drafts-expert-review-comment@iana.org>, "cose@ietf.org" <cose@ietf.org>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>
Thread-Topic: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)
Thread-Index: AQHaCDkP9UjpiCPQckyWupuy843ctbBco/WQgACxYgCAAB65gIAARemwgAASRQCAAAoXsIAAAxIAgAAAOxCAAAKOAIAAALPQgAAhnACADJQegIAABwuAgADCnICAABnTAA==
Date: Sun, 05 Nov 2023 08:41:59 +0000
Message-ID: <SJ0PR02MB7439EBC79259647E7BF45789B7ABA@SJ0PR02MB7439.namprd02.prod.outlook.com>
References: <RT-Ticket-1284212@icann.org> <rt-5.0.3-580051-1697567816-1595.1284212-9-0@icann.org> <rt-5.0.3-580636-1697568304-0.1284212-9-0@icann.org> <AS1PR07MB8616EFA12DB4F47075B7AB5198DDA@AS1PR07MB8616.eurprd07.prod.outlook.com> <MW4PR02MB7428022AEA2B4574410EE7EEB7DDA@MW4PR02MB7428.namprd02.prod.outlook.com> <AS1PR07MB8616E407B141D0C56F7EC65398DCA@AS1PR07MB8616.eurprd07.prod.outlook.com> <F465B3E6-B2CA-4580-B006-5DE7D8E9AABD@tzi.org> <MW4PR02MB7428E1B8942D1D64A825B0EEB7DCA@MW4PR02MB7428.namprd02.prod.outlook.com> <D4A1FC53-8D45-455B-8DF0-F3692F96AE4A@tzi.org> <MW4PR02MB7428A11CC4B4061109E5A07DB7DCA@MW4PR02MB7428.namprd02.prod.outlook.com> <56022A38-8D1A-4C65-A535-E3D45F3C3C7E@tzi.org> <MW4PR02MB7428751A6DC9804B8B15B66BB7DCA@MW4PR02MB7428.namprd02.prod.outlook.com> <641BD038-522A-41C2-B2C2-9E3C118DE915@tzi.org> <MW4PR02MB7428C73DA8A708AB8B860923B7DCA@MW4PR02MB7428.namprd02.prod.outlook.com> <4F61896C-4BAD-436E-AC31-3F50E9B93BF7@island-resort.com> <B7F75895-A2CD-4BDB-BDD9-08AE784690A2@tzi.org> <A5700329-C5E2-41B8-9AA8-9455855A088F@island-resort.com> <B2B317AD-CA0C-4B63-B797-572EF4D64E66@tzi.org>
In-Reply-To: <B2B317AD-CA0C-4B63-B797-572EF4D64E66@tzi.org>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/b7-7X8HsJs1nV-Bs7-z0_TNG1bY>
Subject: Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

Carsten, you asked "In all these cases, does the CWT added to the header form its own CWT that can be evaluated as such independently before jumping into the COSE object, or is it just intended to convey additional parameters to the processing intended for the COSE object with the other header parameters?"

To be clear, even normal CWTs (and JWTs) are simply bags of claims.  Their definitions express syntax - not fully-actionable semantics.  Profiles define semantics for the kinds of CWTs (or JWTs) that they define.  Cwt-claims-in-headers are the same.  They define syntax for where you can put claims.  It's up to profiles like lake-edhoc or SCITT to define how they're using those claims and what processing is associated with them.  Cwt-claims-in-headers doesn't change anything in that regard.

				Best wishes,
				-- Mike

-----Original Message-----
From: Carsten Bormann <cabo@tzi.org> 
Sent: Sunday, November 5, 2023 8:05 AM
To: lgl island-resort.com <lgl@island-resort.com>
Cc: Michael Jones <michael_b_jones@hotmail.com>; Francesca Palombini <francesca.palombini@ericsson.com>; drafts-expert-review-comment@iana.org; cose@ietf.org; paul.wouters@aiven.io
Subject: Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)

On Nov 4, 2023, at 20:28, lgl island-resort.com <lgl@island-resort.com> wrote:
> 
> 
>> On Nov 4, 2023, at 8:03 PM, Carsten Bormann <cabo@tzi.org> wrote:
>> 
>> On Oct 27, 2023, at 20:57, lgl island-resort.com <lgl@island-resort.com> wrote:
>>> 
>>> It seems like this is in hand, but FYI, in EAT, we want to use ccs to bring the “eat_profile” claim up from the CWT Claims-Set to the top level so that dispatch of the EAT processing can be done before processing COSE. It is possible that COSE is providing encryption making it a lot of work to access the “eat_profile" claim.  The “eat_profile" is kind of a sub-type mechanism in EAT.
>> 
>> This is an interesting example.
>> 
>> It seems more obvious to me to just extract that one claim and define a parameter, with well-defined semantics!, for just that.
> 
> I mentioned these in another thread/message:
> 
> - OEMID claim also to dispatch to OEM-specific attestation processors
> 
> - When the EAT is encrypted, any other claim you want in the clear for processing before decryption
> 
> - In general dispatch, pre-processing and early error checks before full CWT processing, particularly for encrypted CWTs
> 
> Because the claims that are candidate for all this may not be known all at once, it’s nice to have the general facility for any claim, rather than having to define each COSE parameter.

In all these cases, does the CWT added to the header form its own CWT that can be evaluated as such independently before jumping into the COSE object, or is it just intended to convey additional parameters to the processing intended for the COSE object with the other header parameters?

BTW, it seems that “eat-profile” might play a quite similar role to “typ” (I’m not suggesting to merge these, just to use this similarity for thinking about the space).

Grüße, Carsten
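Added example (editor's code, not from the draft or from anyone in this thread): a receiver that does what Laurence describes, dispatching on the eat_profile claim carried in the COSE protected header before doing any COSE work, while the claims themselves remain a bag whose meaning the profile supplies, which is Mike's point. It uses an HMAC-based COSE_Mac0 and a hand-written CBOR subset so it runs offline on the Python standard library alone. Assumptions not taken from this page: the CWT Claims header label 15 (the value IANA later registered when the draft became RFC 9597), the EAT claim keys 258 (oemid) and 265 (eat_profile), the rule that a claim present in both header and payload must be identical, and the constructed key, issuer and profile URIs.

```python
# Added example (not from the draft or this thread): dispatch on an EAT claim in the
# COSE protected header before any COSE processing. Numeric labels/keys are assumed.
import hashlib, hmac, struct

# ---- minimal CBOR codec: ints, bstr, tstr, arrays, maps ------------------------
def _head(major, n):
    if n < 24:
        return bytes([major << 5 | n])
    info, fmt = next((i, f) for i, f in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q"))
                     if n < 1 << 8 * struct.calcsize(f))
    return bytes([major << 5 | info]) + struct.pack(fmt, n)

def cbor_encode(v):
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, (bytes, str)):
        raw = v if isinstance(v, bytes) else v.encode()
        return _head(2 if isinstance(v, bytes) else 3, len(raw)) + raw
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError("unsupported type %r" % type(v))

def _decode(b, i):
    major, n, i = b[i] >> 5, b[i] & 0x1F, i + 1
    if n >= 24:                                  # 1/2/4/8-byte argument follows
        size = 1 << (n - 24)
        n, i = int.from_bytes(b[i:i + size], "big"), i + size
    if major in (0, 1):
        return (n if major == 0 else -1 - n), i
    if major in (2, 3):
        return (b[i:i + n] if major == 2 else b[i:i + n].decode()), i + n
    if major in (4, 5):
        items = []
        for _ in range(n * (2 if major == 5 else 1)):   # maps hold key,value pairs
            x, i = _decode(b, i)
            items.append(x)
        return (items if major == 4 else dict(zip(items[0::2], items[1::2]))), i
    raise ValueError("unsupported CBOR major type %d" % major)

def cbor_decode(b):
    v, end = _decode(b, 0)
    if end != len(b):
        raise ValueError("trailing bytes after CBOR item")
    return v

# ---- COSE header labels and CWT claim keys (assumed values) --------------------
ALG, CWT_CLAIMS = 1, 15                  # "alg" and the CWT Claims header parameter
HMAC_256 = 5                             # COSE alg: HMAC 256/256
ISS, OEMID, EAT_PROFILE = 1, 258, 265    # iss, and EAT's oemid / eat_profile claims

def _tag(key, protected, payload):
    # MAC_structure for COSE_Mac0: ["MAC0", protected, external_aad, payload]
    return hmac.new(key, cbor_encode(["MAC0", protected, b"", payload]), hashlib.sha256).digest()

def mac0_create(key, payload_claims, header_claims):
    protected = cbor_encode({ALG: HMAC_256, CWT_CLAIMS: header_claims})
    payload = cbor_encode(payload_claims)
    return cbor_encode([protected, {}, payload, _tag(key, protected, payload)])

def peek_header_claims(msg):
    """Header claims read before verification: usable for routing, nothing else."""
    return cbor_decode(cbor_decode(msg)[0]).get(CWT_CLAIMS, {})

def mac0_verify(key, msg):
    """Check the tag, then require each header claim to match the payload's."""
    protected, _unprotected, payload, tag = cbor_decode(msg)
    if not hmac.compare_digest(tag, _tag(key, protected, payload)):
        raise ValueError("MAC verification failed")
    claims = cbor_decode(payload)
    for k, v in cbor_decode(protected).get(CWT_CLAIMS, {}).items():
        if k in claims and claims[k] != v:
            raise ValueError("header claim %r disagrees with payload" % k)
    return claims

# Semantics live in the profile handler, not in the header syntax.
PROFILE_HANDLERS = {"urn:example:eat-profile:a": lambda c: ("profile-a", c.get(OEMID))}

def dispatch(key, msg):
    """Route on eat_profile first; unknown profiles never reach COSE processing."""
    profile = peek_header_claims(msg).get(EAT_PROFILE)
    if profile not in PROFILE_HANDLERS:
        return ("rejected-before-cose", profile)
    try:
        return PROFILE_HANDLERS[profile](mac0_verify(key, msg))
    except ValueError as e:
        return ("rejected-after-cose", str(e))

# Constructed inputs: key, issuer and profile URIs are made up for this example.
KEY = b"constructed-demo-key"
CLAIMS = {ISS: "https://issuer.example", EAT_PROFILE: "urn:example:eat-profile:a", OEMID: b"\x01\x02\x03"}
GOOD = mac0_create(KEY, CLAIMS, {EAT_PROFILE: CLAIMS[EAT_PROFILE]})
UNKNOWN = mac0_create(KEY, CLAIMS, {EAT_PROFILE: "urn:example:eat-profile:zz"})
MISMATCH = mac0_create(KEY, {**CLAIMS, EAT_PROFILE: "urn:example:eat-profile:b"}, {EAT_PROFILE: CLAIMS[EAT_PROFILE]})
TAMPERED = GOOD[:-1] + bytes([GOOD[-1] ^ 1])          # one flipped bit in the tag

if __name__ == "__main__":
    for name, msg in [("good", GOOD), ("unknown", UNKNOWN), ("mismatch", MISMATCH), ("tampered", TAMPERED)]:
        print(name, dispatch(KEY, msg))
```

Running it shows the four outcomes: the known profile is verified and handled, the unknown profile is dropped before any MAC computation, the message whose header copy of eat_profile disagrees with the payload is rejected after a valid MAC, and the tampered tag fails verification. The design point is that `peek_header_claims` only chooses a handler; everything the handler consumes comes out of `mac0_verify`, which also enforces that a claim present in both places is identical, so a header copy cannot quietly diverge from the authenticated payload. For an encrypted CWT the same peek works on the protected header of a COSE_Encrypt0 without decrypting, which is the case Laurence raises.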