Re: [COSE] [Rats] RAM requirements for COSE/CWT
Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 22 February 2022 14:00 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 62B893A11D1;
Tue, 22 Feb 2022 06:00:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.812
X-Spam-Level:
X-Spam-Status: No, score=-2.812 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
NICE_REPLY_A=-0.714, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id uAixvTgzxKg5; Tue, 22 Feb 2022 06:00:24 -0800 (PST)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com
[IPv6:2a00:1450:4864:20::32f])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 53DE73A11CD;
Tue, 22 Feb 2022 06:00:24 -0800 (PST)
Received: by mail-wm1-x32f.google.com with SMTP id
az13-20020a05600c600d00b003808a3380faso1935571wmb.1;
Tue, 22 Feb 2022 06:00:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=message-id:date:mime-version:user-agent:subject:content-language:to
:references:from:cc:in-reply-to:content-transfer-encoding;
bh=20q9VoYithtWU5AG+7wKhanECjE7JQJOcuFx+i81gd0=;
b=eApERc8FSIPmNhpWPre0fpwTmDIkIPc9/yGyDuCNxMiYoAHmv+1XqDSGIVIRdkUYIk
ur9fWe6i+1OfawkdX6+mu2OTe57qoYOE8kFYxz17o8LTeng1gYWuPachVTFHCduy9NQW
4p6ZeDpAROo+RST0plCGI4PbUAczMIK2XQZAX0+3ckGRO1bGb08iaET9j+PYlACs+C4V
psFJT8AE9CA7mWf8bjTe6Mz4g/tI1crUfSk98JCe+oxYc6LE/2UApZmeSw9Q7uvlxxFT
kqoICz8zHvF3New1n5dHxaeFLJILJq34QgeyCP1UDDpdNfWHqiltlQEbiX1j6jY0FG4x
BGsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
:content-language:to:references:from:cc:in-reply-to
:content-transfer-encoding;
bh=20q9VoYithtWU5AG+7wKhanECjE7JQJOcuFx+i81gd0=;
b=cfo7m9g4v7A6EGPxqUjIXkpjC/G2BzDnl56DKSfZnHm1TK04VcUFIW5aFsNP6oJmch
yyDRdYZbHOn4XfqXj98TqSup6SrAilwu/SzoBoc1xjM8O8HGrg4Z83pe1+5TT8iNFSUN
TrQUYnmfJILXWh4Gn0dZQyVxtm96qkMm1cQ5QqQG2Nf+bpCoUAx7yNSMAJNRWHIyhmyG
p6VlBshM8E+Acjj43RyF4jf8abbpzjy+XJ/TsnVGflz6r7ix22LRLtls5mDDceRoMZpV
DwMN5tZPSwaVWwGGycLXzHPDIO+15vP1Owg5Nxcy+hqYCfGlAKiJUdKVjjNRviWHBWO6
jIRg==
X-Gm-Message-State: AOAM531wLnFzNH3iCKwcK/+Oi/HkzLBCIIZkFWJAYaOZI2T7l0k3UsXU
tHDNfC1ThO/ru3QDubpJcmK00PjZ9qE=
X-Google-Smtp-Source: ABdhPJwSrImb5G9/NcYNZ06xbRsSRxsQX7oRc/SkAJodUiuFOYwsK60cKDJ68mvEjNYIGEcMs4cTXA==
X-Received: by 2002:a7b:c409:0:b0:34d:4775:4961 with SMTP id
k9-20020a7bc409000000b0034d47754961mr3488198wmi.44.1645538422050;
Tue, 22 Feb 2022 06:00:22 -0800 (PST)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25])
by smtp.googlemail.com with ESMTPSA id c13sm53518833wrv.24.2022.02.22.06.00.20
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Tue, 22 Feb 2022 06:00:21 -0800 (PST)
Message-ID: <14c8d106-3b4b-f973-94b8-018852ff4769@gmail.com>
Date: Tue, 22 Feb 2022 15:00:18 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
Thunderbird/91.6.1
Content-Language: en-US
To: Carsten Bormann <cabo@tzi.org>
References: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com>
<DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com>
<1a16c80d-40cd-baba-b1ce-2033dd0db294@gmail.com>
<D22D0D63-F76C-48B3-A034-F8B5B2BB6005@tzi.org>
<2c8be442-9899-d117-155c-f6f2096b7055@gmail.com>
<92C7CF7C-ED23-41B3-AB32-8438C4C88C20@tzi.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "rats@ietf.org" <rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
In-Reply-To: <92C7CF7C-ED23-41B3-AB32-8438C4C88C20@tzi.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/i4PVYpxgSfCA2XozA8uTageicko>
Subject: Re: [COSE] [Rats] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>,
<mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>,
<mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 14:00:30 -0000
On 2022-02-22 10:08, Carsten Bormann wrote: <snip>>> On 2022-02-22, at 06:59, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: >> However, due to the myriad of CBOR serialization options,... > > Not true. > All widely used serialization formats grant the encoder some freedoms in encoding information, CBOR is not different. There are no “options” that need to be chosen or known to the recipient; there is only one CBOR. Dear Carsten, I have absolutely ZERO interest in criticizing You, CBOR, or COSE, I'm here to point out a problem which I have experienced both as an *enthusiastic* CBOR implementer and as a reviewer of various drafts. The WebAuthn/FIDO specification details CBOR serialization requirements while the EAT draft specifies multiple alternatives. There must be a reason for that. To cope with (and potentially enforce/verify), different CBOR serialization variants, CBOR tools typically provide options: https://github.com/peteroupc/CBOR-Java/blob/master/api/com.upokecenter.cbor.CBOREncodeOptions.md Anyway, it has been a while since CBOR was conceived. In the mean time, Moore's Law has kept chugging along nicely, making previously unimaginable things like Apple's Max Pro chip with 58 Billion transistors a reality. Obviously these developments trickle down to constrained devices as well. The proposal is simply defining something like an "I-CBOR" that could serve as the foundation for future standards like EAT. "I-CBOR" would (in my take on the matter), be CBOR's counterpart to ASN.1's DER. RFC 8949 is just fine, but it doesn't take this concept the whole way: https://www.rfc-editor.org/rfc/rfc8949.html#name-additional-deterministic-en Cheers, Anders > >> CWTs suffer from interoperability issues (*) > > Not true. Pure FUD. > >> making JWTs a better choice for *ubiquitous* usage :( > > No > >> By *mandating* preferred serialization ("I-CBOR") you can achieve the same >> interoperability as with JWTs, > > Nonsense. > JWTs don’t use deterministic encoding, and neither does CWT need to to. > >> as well as getting away from the need to bury data-to-be-signed in byte-strings. > > Detached payloads solve that particular problem (if you have it). > Note that “burying” in CBOR is a simple copy (or reference), while JOSE needs to base64-encoding everything, often in a nested way. > >> Such solutions can also conserve buffer RAM in the case RAM is a scarce resource. Yes, depending on the application your mileage may vary. > > CBOR saves RAM compared to JSON here. > > Grüße, Carsten >
- [COSE] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Hannes Tschofenig
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Michael Richardson
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Jeremy O'Donoghue
- Re: [COSE] [Cbor] [Rats] RAM requirements for COS… Carsten Bormann
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Laurence Lundblade
- Re: [COSE] [Rats] RAM requirements for COSE/CWT Anders Rundgren