IETF Logo Mail Archive

Re: [Cose] Issue: Encoding for a single recipient or structure

"Jim Schaad" <ietf@augustcellars.com> Tue, 07 July 2015 23:00 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4552B1B29F6 for <cose@ietfa.amsl.com>; Tue, 7 Jul 2015 16:00:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTw3u2sMJkiZ for <cose@ietfa.amsl.com>; Tue, 7 Jul 2015 16:00:32 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47E9C1B2A29 for <cose@ietf.org>; Tue, 7 Jul 2015 16:00:31 -0700 (PDT)
Received: from hebrews (174-21-18-91.tukw.qwest.net [174.21.18.91]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id DBA6C38F0E; Tue, 7 Jul 2015 16:00:01 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Brian Campbell' <bcampbell@pingidentity.com>, 'Carsten Bormann' <cabo@tzi.org>
References: <001b01d08399$434ab9b0$c9e02d10$@augustcellars.com> <BL2PR03MB433F667195C8A8436CBF05AF5A90@BL2PR03MB433.namprd03.prod.outlook.com> <009501d0b392$fb7cc680$f2765380$@augustcellars.com> <BL2PR03MB43351E8E3234EC1808B46B7F5A80@BL2PR03MB433.namprd03.prod.outlook.com> <CAD9ie-uPY6FAKwPxT8n79fm+n88HM-jf+Y+yTxPghrso8c4TzQ@mail.gmail.com> <BL2PR03MB433110A60A3FE944DDB0865F5A80@BL2PR03MB433.namprd03.prod.outlook.com> <CAD9ie-sSZxJJghyNKcU=cxnUiT4pgbvSJpeV2hvetoYv1qhD8A@mail.gmail.com> <00d001d0b3b6$ce20f2f0$6a62d8d0$@augustcellars.com> <559392F7.30000@tzi.org> <CA+k3eCQHsFQqU9PG=SDgueKRzGRjCvBN-_z1KQy2jX7M3Wmacw@mail.gmail.com> <ED58AE54-9CB1-48FF-A760-E69C66224EF1@mit.edu> <5594EA07.3030508@tzi.org> <CA+k3eCRbEu3tK4THR9xiQ4oeTKr2-yggSUH5L6Ctdr1GWU4FUw@mail.gmail.com>
In-Reply-To: <CA+k3eCRbEu3tK4THR9xiQ4oeTKr2-yggSUH5L6Ctdr1GWU4FUw@mail.gmail.com>
Date: Tue, 07 Jul 2015 15:58:56 -0700
Message-ID: <001601d0b908$c33baf90$49b30eb0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0017_01D0B8CE.16DF4890"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJBW2regVOc1KgJrCGEY9SFfcIRjgIjyzTpArNKyUYA0EcPdQJL5N93AtWHUysCrbMn0wGRZpBdAiF4EMoBhcnxkwGFYDl/AaP1+x4C0TL5IZwqDFng
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/hrXApRd6-0L3bWMmmK5IlmoOPJ8>
Cc: 'Justin Richer' <jricher@mit.edu>, cose@ietf.org
Subject: Re: [Cose] Issue: Encoding for a single recipient or structure
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2015 23:00:36 -0000

 

 

From: Brian Campbell [mailto:bcampbell@pingidentity.com] 
Sent: Thursday, July 02, 2015 10:14 AM
To: Carsten Bormann
Cc: Justin Richer; Jim Schaad; cose@ietf.org
Subject: Re: [Cose] Issue: Encoding for a single recipient or structure

 

Some things translate more directly than others :)

Indeed the dot joined base64url encoded segments are very array like. And with CBOR that encoding and dot joining is unneeded.

The JOSE experience I'm suggesting this WG consider is the relative simplicity afforded by compact serializations and the widespread use they have seen.

[JLS]  I don’t know how much of this is because it is easy, or because that was the format that was being used by “everybody” before it even came into the working group.  Remember how many decisions boiled down to – we can’t change this, it would break all of the existing code.


 
Conceptualizing the compact serializations as arrays, you have this for signatures/macs:

 

    [protected_header, payload, signature]

and this for encryption:


    [protected_header, encrypted_key, initialization_vector, ciphertext, authentication_tag]



There's just a single recipient or just one signature. There's only one place for headers and they are always protected. It's a (relatively) simple and consistent processing model. The message can be processed or not. There's real value in the simplicity. 






 

On Thu, Jul 2, 2015 at 1:36 AM, Carsten Bormann <cabo@tzi.org <mailto:cabo@tzi.org> > wrote:

I'm not sure the JOSE experience translates to COSE.

In JOSE, there are two different forms, one array-based (a dot-joined
sequence of base64 encodings of the array elements) and one map-based.
COSE doesn't need that choice.

All I can read from the JOSE experience cited here is a strong indicator
that we want to go for arrays, not maps, at least for the outer structure.

Now whether that is shaped*)

[pr, un, ciph, [r1, r2]]

or

[pr, un, ciph, r1]

or

[pr, un, ciph, *r1]

(where *r1 means tha the contents of r1 is expanded right in place)

becomes less of a complexity argument:
[pr, un, ciph, [r1]]
really isn't that much more complex than
[pr, un, ciph, r1]
except for that one 0x81 byte wasted; in a pinch, we can also go for

[pr, un, ciph, r1, r2]
(which is another way of saying:
[pr, un, ciph, *[r1, r2]]
)

Making the array variable size disables JOSE's hack of using the array
size for distinguishing JWE from JWS.  But we don't need that; CBOR has
tags.

Grüße, Carsten

*) I'm leaving msg_type out here, see other thread.

v2.23.0 | Report a Bug | By Email