Re: [Cose] Issue: Encoding for a single recipient or structure
"Jim Schaad" <ietf@augustcellars.com> Tue, 07 July 2015 23:00 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4552B1B29F6 for <cose@ietfa.amsl.com>; Tue, 7 Jul 2015 16:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTw3u2sMJkiZ for <cose@ietfa.amsl.com>; Tue, 7 Jul 2015 16:00:32 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47E9C1B2A29 for <cose@ietf.org>; Tue, 7 Jul 2015 16:00:31 -0700 (PDT)
Received: from hebrews (174-21-18-91.tukw.qwest.net [174.21.18.91]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id DBA6C38F0E; Tue, 7 Jul 2015 16:00:01 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Brian Campbell' <bcampbell@pingidentity.com>, 'Carsten Bormann' <cabo@tzi.org>
References: <001b01d08399$434ab9b0$c9e02d10$@augustcellars.com> <BL2PR03MB433F667195C8A8436CBF05AF5A90@BL2PR03MB433.namprd03.prod.outlook.com> <009501d0b392$fb7cc680$f2765380$@augustcellars.com> <BL2PR03MB43351E8E3234EC1808B46B7F5A80@BL2PR03MB433.namprd03.prod.outlook.com> <CAD9ie-uPY6FAKwPxT8n79fm+n88HM-jf+Y+yTxPghrso8c4TzQ@mail.gmail.com> <BL2PR03MB433110A60A3FE944DDB0865F5A80@BL2PR03MB433.namprd03.prod.outlook.com> <CAD9ie-sSZxJJghyNKcU=cxnUiT4pgbvSJpeV2hvetoYv1qhD8A@mail.gmail.com> <00d001d0b3b6$ce20f2f0$6a62d8d0$@augustcellars.com> <559392F7.30000@tzi.org> <CA+k3eCQHsFQqU9PG=SDgueKRzGRjCvBN-_z1KQy2jX7M3Wmacw@mail.gmail.com> <ED58AE54-9CB1-48FF-A760-E69C66224EF1@mit.edu> <5594EA07.3030508@tzi.org> <CA+k3eCRbEu3tK4THR9xiQ4oeTKr2-yggSUH5L6Ctdr1GWU4FUw@mail.gmail.com>
In-Reply-To: <CA+k3eCRbEu3tK4THR9xiQ4oeTKr2-yggSUH5L6Ctdr1GWU4FUw@mail.gmail.com>
Date: Tue, 07 Jul 2015 15:58:56 -0700
Message-ID: <001601d0b908$c33baf90$49b30eb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0017_01D0B8CE.16DF4890"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJBW2regVOc1KgJrCGEY9SFfcIRjgIjyzTpArNKyUYA0EcPdQJL5N93AtWHUysCrbMn0wGRZpBdAiF4EMoBhcnxkwGFYDl/AaP1+x4C0TL5IZwqDFng
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/hrXApRd6-0L3bWMmmK5IlmoOPJ8>
Cc: 'Justin Richer' <jricher@mit.edu>, cose@ietf.org
Subject: Re: [Cose] Issue: Encoding for a single recipient or structure
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2015 23:00:36 -0000
From: Brian Campbell [mailto:bcampbell@pingidentity.com] Sent: Thursday, July 02, 2015 10:14 AM To: Carsten Bormann Cc: Justin Richer; Jim Schaad; cose@ietf.org Subject: Re: [Cose] Issue: Encoding for a single recipient or structure Some things translate more directly than others :) Indeed the dot joined base64url encoded segments are very array like. And with CBOR that encoding and dot joining is unneeded. The JOSE experience I'm suggesting this WG consider is the relative simplicity afforded by compact serializations and the widespread use they have seen. [JLS] I don’t know how much of this is because it is easy, or because that was the format that was being used by “everybody” before it even came into the working group. Remember how many decisions boiled down to – we can’t change this, it would break all of the existing code. Conceptualizing the compact serializations as arrays, you have this for signatures/macs: [protected_header, payload, signature] and this for encryption: [protected_header, encrypted_key, initialization_vector, ciphertext, authentication_tag] There's just a single recipient or just one signature. There's only one place for headers and they are always protected. It's a (relatively) simple and consistent processing model. The message can be processed or not. There's real value in the simplicity. On Thu, Jul 2, 2015 at 1:36 AM, Carsten Bormann <cabo@tzi.org <mailto:cabo@tzi.org> > wrote: I'm not sure the JOSE experience translates to COSE. In JOSE, there are two different forms, one array-based (a dot-joined sequence of base64 encodings of the array elements) and one map-based. COSE doesn't need that choice. All I can read from the JOSE experience cited here is a strong indicator that we want to go for arrays, not maps, at least for the outer structure. Now whether that is shaped*) [pr, un, ciph, [r1, r2]] or [pr, un, ciph, r1] or [pr, un, ciph, *r1] (where *r1 means tha the contents of r1 is expanded right in place) becomes less of a complexity argument: [pr, un, ciph, [r1]] really isn't that much more complex than [pr, un, ciph, r1] except for that one 0x81 byte wasted; in a pinch, we can also go for [pr, un, ciph, r1, r2] (which is another way of saying: [pr, un, ciph, *[r1, r2]] ) Making the array variable size disables JOSE's hack of using the array size for distinguishing JWE from JWS. But we don't need that; CBOR has tags. Grüße, Carsten *) I'm leaving msg_type out here, see other thread.
- [Cose] Issue: Encoding for a single recipient or … Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Paul Hoffman
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Paul Hoffman
- Re: [Cose] Issue: Encoding for a single recipient… Derek Atkins
- Re: [Cose] Issue: Encoding for a single recipient… ⌘ Matt Miller
- Re: [Cose] Issue: Encoding for a single recipient… Mike Jones
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Mike Jones
- Re: [Cose] Issue: Encoding for a single recipient… Dick Hardt
- Re: [Cose] Issue: Encoding for a single recipient… Mike Jones
- Re: [Cose] Issue: Encoding for a single recipient… Dick Hardt
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Carsten Bormann
- Re: [Cose] Issue: Encoding for a single recipient… Brian Campbell
- Re: [Cose] Issue: Encoding for a single recipient… Justin Richer
- Re: [Cose] Issue: Encoding for a single recipient… Henrich Pöhls
- Re: [Cose] Issue: Encoding for a single recipient… Carsten Bormann
- Re: [Cose] Issue: Encoding for a single recipient… Brian Campbell
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Derek Atkins
- Re: [Cose] Issue: Encoding for a single recipient… Jim Schaad
- Re: [Cose] Issue: Encoding for a single recipient… Brian Campbell
- Re: [Cose] Issue: Encoding for a single recipient… Brian Campbell
- Re: [Cose] Issue: Encoding for a single recipient… Mike Jones