Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt

Laurence Lundblade <llundbla@qti.qualcomm.com> Mon, 17 April 2017 23:57 UTC

From: Laurence Lundblade <llundbla@qti.qualcomm.com>
To: Samuel Erdtman <samuel@erdtman.se>
CC: Jim Schaad <ietf@augustcellars.com>, cose <cose@ietf.org>
Thread-Topic: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt
Thread-Index: AQHSUE9n8gqDeU8N0UWR0TVip3PpF6HLgYAA
Date: Mon, 17 Apr 2017 23:57:48 +0000
Message-ID: <BB0F527A-E061-427D-AA0B-C5CDDE4B9A76@qti.qualcomm.com>
References: <147987163959.30322.14158962529156430503.idtracker@ietfa.amsl.com> <004901d24546$8e76bfe0$ab643fa0$@augustcellars.com> <CAF2hCbZK4+mSHTqvZQnzFD+7F8PDkP0q3JNFYp=dOMRkE+Vh=w@mail.gmail.com> <9CE238FE-6AF0-458D-A1C7-B790870323D3@qti.qualcomm.com> <06e701d24f77$8d438280$a7ca8780$@augustcellars.com> <CAF2hCbbdp=mW5yfKvWoF-Tm53-CdVPQe7Xx-+TPpJwjsiMzofQ@mail.gmail.com>
In-Reply-To: <CAF2hCbbdp=mW5yfKvWoF-Tm53-CdVPQe7Xx-+TPpJwjsiMzofQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/cpzIdxKrtlZexYEazFXgLDGdgXk>
Subject: Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

It’s been a while, but I have another scenario.

Let’s say the key pair is generated on a device, but the certificate is not on the device because the device is very constrained or there are other considerations.  The certificate is to be picked up from a server or some other part of the system infrastructure.

In that case identifying the certificate by the public key or some derivation of the public key is very helpful.  Subject Key ID from RFC 5280 section 4.2.1.2 seems exactly the right thing. The parameter name could be “x5i” or “x5ski”.

For full and standardized interop, we would have to go one step further than RFC 5280 and RFC 7093 to formally define how the Subject Key ID is created from the key itself.  RFC 5280 only gives “common methods”.

LL


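A worked illustration of the derivation the message above asks to have pinned down, added here as an editor's example (not code from the draft, the COSE working group, or any poster on the thread). It hand-encodes a SubjectPublicKeyInfo for a constructed P-256 point (deterministic filler bytes, not a real key), extracts the subjectPublicKey BIT STRING value, and computes the identifier under each of the methods RFC 5280 section 4.2.1.2 and RFC 7093 section 2 describe. RFC 7093 method (4) leaves the hash function open; SHA-256 there is an assumption of this example, as are the function names, the `METHODS` table and the `match_cert` helper.

```python
"""Subject Key Identifier derivation, RFC 5280 s4.2.1.2 and RFC 7093 s2 (added example)."""
import hashlib

# --- minimal DER helpers so this runs with the standard library only ---

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7


def spki_p256(point: bytes) -> bytes:
    """DER SubjectPublicKeyInfo for an uncompressed SEC1 P-256 point (65 bytes)."""
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    alg = der_tlv(0x30, der_tlv(0x06, OID_EC_PUBLIC_KEY) + der_tlv(0x06, OID_PRIME256V1))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + point))  # BIT STRING, 0 unused bits


def subject_public_key_bits(spki: bytes) -> bytes:
    """The BIT STRING value minus tag, length and unused-bits octet: the exact
    input RFC 5280 and RFC 7093 methods (1)-(3) hash."""
    tag, seq, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = _read_tlv(seq, 0)                  # skip AlgorithmIdentifier
    tag, bits, _ = _read_tlv(seq, pos)
    if tag != 0x03 or bits[0] != 0x00:
        raise ValueError("subjectPublicKey must be a BIT STRING with no unused bits")
    return bits[1:]

# --- the key-identifier methods themselves ---

def ski_5280_1(spki: bytes) -> bytes:
    """RFC 5280 method (1): 160-bit SHA-1 of the subjectPublicKey bits."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()


def ski_5280_2(spki: bytes) -> bytes:
    """RFC 5280 method (2): four-bit type field 0100 followed by the least
    significant 60 bits of that SHA-1 hash (8 octets in all)."""
    digest = hashlib.sha1(subject_public_key_bits(spki)).digest()
    low60 = int.from_bytes(digest, "big") & ((1 << 60) - 1)
    return ((0x4 << 60) | low60).to_bytes(8, "big")


def ski_7093(spki: bytes, method: int) -> bytes:
    """RFC 7093 methods (1)-(3): leftmost 160 bits of SHA-256/384/512 over the
    subjectPublicKey bits.  Method (4): hash of the whole SubjectPublicKeyInfo
    DER; the RFC leaves the hash open, SHA-256 is this example's assumption."""
    if method in (1, 2, 3):
        algo = {1: "sha256", 2: "sha384", 3: "sha512"}[method]
        return hashlib.new(algo, subject_public_key_bits(spki)).digest()[:20]
    if method == 4:
        return hashlib.sha256(spki).digest()
    raise ValueError("method must be 1..4")


METHODS = {
    "rfc5280-1": ski_5280_1,
    "rfc5280-2": ski_5280_2,
    "rfc7093-1": lambda s: ski_7093(s, 1),
    "rfc7093-2": lambda s: ski_7093(s, 2),
    "rfc7093-3": lambda s: ski_7093(s, 3),
    "rfc7093-4": lambda s: ski_7093(s, 4),
}


def key_ids(spki: bytes) -> dict:
    """Every identifier the same public key can legitimately carry."""
    return {name: fn(spki) for name, fn in METHODS.items()}


def match_cert(candidate_spkis, presented_id: bytes):
    """Server side: which stored certificate's key does the device-sent identifier
    name?  With no agreed method the server has to try each one.
    Returns (index, method) or None."""
    for i, spki in enumerate(candidate_spkis):
        for name, fn in METHODS.items():
            if fn(spki) == presented_id:
                return i, name
    return None


# Constructed sample points (deterministic filler, not real points on the curve).
POINT_A = b"\x04" + bytes(range(1, 33)) + bytes(range(101, 133))
POINT_B = b"\x04" + bytes(range(33, 65)) + bytes(range(133, 165))

if __name__ == "__main__":
    spki_a = spki_p256(POINT_A)
    for name, value in key_ids(spki_a).items():
        print(f"{name:10s} {value.hex()}")
    print(match_cert([spki_p256(POINT_B), spki_a], ski_5280_1(spki_a)))  # (1, 'rfc5280-1')
```

Every entry `key_ids` returns is a valid Subject Key Identifier for the same key, which is the interop gap the message points at: a server that indexes certificates under one method will not find a device that computed another, and `match_cert` shows the try-everything fallback a verifier is left with when the method is not fixed by the header definition.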

On Dec 6, 2016, at 10:01 PM, Samuel Erdtman <samuel@erdtman.se> wrote:

Hi Jim,

I think we should name the parameters differently: x5t, x5c and x5u are used in JOSE with slightly different semantics. This would be similar to the "content type" in the COSE specification, where cty is not used.
Since the names are not included in the encoded message it might make sense to name them:
* x509 Certificate Thumbprint
* x509 Certificate Chain
* x509 Certificate URL

//Samuel

On Tue, Dec 6, 2016 at 5:16 AM, Jim Schaad <ietf@augustcellars.com> wrote:
Thanks for input, it is something that nobody else has actually given yet.

I could easily get behind the idea of moving to two different headers, one for ordered and one for a bag.  I don’t think that there would be a huge problem with assigning the multiple code points.

I don’t know how common/uncommon it is for fields to allow multiple types.  I do know that the COSE spec does it in a couple of places, although most of them can be ignored at this point in time.  Personally, I don’t find the code to support that feature to be very difficult and argued that as part of the JOSE effort when the same topic was discussed.

While it does not explicitly say that in COSE, my assumption was always that ‘kid’ only identified COSE based keys.  I think that is probably an invalid assumption.  I would however expect that if an explicit key is given in the form of a certificate then a kid would not need to be present.  An application however could state that a kid could be the spki value from a certificate so that it could be used to find certificates if desired. I’ll make a comment to myself on that.

More comments from everybody about what is good and bad are wanted.

Jim


From: Lundblade, Laurence [mailto:llundbla@qti.qualcomm.com]
Sent: Monday, December 05, 2016 6:21 PM
To: Samuel Erdtman <samuel@erdtman.se>
Cc: Jim Schaad <ietf@augustcellars.com>; cose <cose@ietf.org>
Subject: Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt

Sorry for the delayed response and thanks for the draft.

The order definitive chain option for x5c looks pretty good. How does the kid parameter come into play? Is x5c in lieu of kid?  Seems like it would be.

Is it usual to have the data type / semantics vary for some CBOR like x5c? Haven’t run into any CBOR like that before.  Would it be better to have an x5cb (b for bag) and an x5co (o for ordered).

Thanks!

LL





On Nov 23, 2016, at 10:43 PM, Samuel Erdtman <samuel@erdtman.se> wrote:


Looks like a good start to me.
Laurence what do you think?
//Samuel

On Wed, Nov 23, 2016 at 6:00 AM, Jim Schaad <ietf@augustcellars.com> wrote:
This is a rough draft of what a set of X.509 headers could look like.  There are lots of things that are incomplete or missing, but I said I would write up a fast version for people to look at so here it is.

If you are interested, please comment on the headers.  The pointer to the github repository is in the document.

Jim


> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Tuesday, November 22, 2016 7:27 PM
> To: Jim Schaad <ietf@augustcellars.com>
> Subject: New Version Notification for draft-schaad-cose-x509-00.txt
>
>
> A new version of I-D, draft-schaad-cose-x509-00.txt has been successfully
> submitted by Jim Schaad and posted to the IETF repository.
>
> Name:         draft-schaad-cose-x509
> Revision:     00
> Title:                CBOR Encoded Message Syntax (COSE): Headers for carrying
> and referencing X.509 certificates
> Document date:        2016-11-22
> Group:                Individual Submission
> Pages:                6
> URL:            https://www.ietf.org/internet-drafts/draft-schaad-cose-x509-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-schaad-cose-x509/
> Htmlized:       https://tools.ietf.org/html/draft-schaad-cose-x509-00
>
>
> Abstract:
>    This document defines the headers and usage for referring to and
>    transporting X.509 certificates in the CBOR Encoded Message (COSE)
>    Syntax.
>
> Contributing to this document
>
>    The source for this draft is being maintained in GitHub.  Suggested
>    changes should be submitted as pull requests at <https://github.com/
>    cose-wg/X509>.  Instructions are on that page as well.  Editorial
>    changes can be managed in GitHub, but any substantial issues need to
>    be discussed on the COSE mailing list.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat


_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose


