IETF Logo Mail Archive

Re: [COSE] Key identifier of type bstr / int

Benjamin Kaduk <kaduk@mit.edu> Fri, 13 August 2021 00:00 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59B6F3A0E15; Thu, 12 Aug 2021 17:00:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 41XSrhSNyR_U; Thu, 12 Aug 2021 17:00:26 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A07693A0E14; Thu, 12 Aug 2021 17:00:26 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 17D00JaM000632 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Aug 2021 20:00:24 -0400
Date: Thu, 12 Aug 2021 17:00:18 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Cc: "cose@ietf.org" <cose@ietf.org>
Message-ID: <20210813000018.GY50759@kduck.mit.edu>
References: <95B75634-B147-4756-A950-C6B139CF3ADD@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <95B75634-B147-4756-A950-C6B139CF3ADD@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/hMtj2-6bJocnNa6C9fhe6k-qBgo>
Subject: Re: [COSE] Key identifier of type bstr / int
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 00:00:33 -0000

On Fri, Jul 30, 2021 at 12:28:58PM +0000, Göran Selander wrote:
> Hi,
> 
> In LAKE yesterday we had a discussion on compact key identifiers. The main candidate to use, 'kid', is specified as a CBOR bstr, which is typically at least 2 bytes (exception: empty bstr which is 1 byte). We therefore want to allow keys to be identified with CBOR ints which has 48 1-byte values to allow for a larger number of optimally small identifiers.
> 
> One solution would be to define a new COSE key common parameter and COSE header parameter, say 'kid2', of type bstr / int. Another solution would be to extend 'kid' to be bstr / int.
> 
> In the former case a 'kid2' can be used to reference keys identified with either 'kid2' or 'kid', but 'kid' would not be able to reference keys identified with 'kid2' having an int value. Not clear to me if that is a problem. 
> 
> While the LAKE WG did not express any preference, one opinion I learnt after the meeting was a preference of extending 'kid' to bstr / int.
> 
> What do folks in COSE think?
> 
> I'm familiar with the process of registering new COSE parameters, what is the requirement for changing the value type of an existing registration? Standards action with expert review?

I think so.  There's a decent case that just standards action would
suffice, but I like ensuring that the experts also weigh in.

>From the follow-up:

> Another alternative to what has been listed below is to define 'kid2' to
> only be of type int - is that a better option?

That would avoid some of the decoder complexity that Laurence raised, but
leaves the issue of needing logic to handle a message that sets both 'kid'
and 'kid2'.  For a long-term steady-state best outcome I don't see a huge
difference between an expanded 'kid' and deprecating 'kid' entirely in
favor of a 'kid2' that does both.  I'm less sure how to compare that option
against the one-parameter-per-type option (kid==bstr, kid2==int) that is
easier to decode but has the possibility to provide both parameters.

-Ben

v2.23.0 | Report a Bug | By Email