Re: [COSE] tstr values for kty, alg, crv, etc.
AJITOMI Daisuke <ajitomi@gmail.com> Tue, 10 August 2021 14:46 UTC
Return-Path: <ajitomi@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 888303A0E2D for <cose@ietfa.amsl.com>; Tue, 10 Aug 2021 07:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ip3GodhZf1qD for <cose@ietfa.amsl.com>; Tue, 10 Aug 2021 07:46:39 -0700 (PDT)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C46103A0E09 for <cose@ietf.org>; Tue, 10 Aug 2021 07:46:39 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id i7so26338390iow.1 for <cose@ietf.org>; Tue, 10 Aug 2021 07:46:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yblDNKP1P7Ojnl145ylPlP3geISRPWHFW+P+R06iwyU=; b=Ux4Q+PJOpJq3mClhWa/xU8yO6kNMN8yJz3k5a8NbiR4NLLO4qI0nAXiPOyXee3Fkms 6KRXfSgkjvbZlcySSvtUpNtMO+Z7mKzrJL8fCNq0+W5CD90N3f3AxsKF5mYQI4n/LWqj k1k8OSUcm5nS4uaM6Hg/JrdZ5IMUyoxeiPY4uzmu/r15LXhEGu+oZRr1UmpQCIVrpoXf GOcN+2qgvQ9jbb6BUUfKIDdWgeP2Po4iWX0YG0tJef3k/lrQ1lsue9dlkKr1+c4D8C6a 4irVVsP8EgKVFB7NyhuvTEr5JCuJCWkYubIUfvQQ1SCSno23N85Dvly+lGAJkbbK6PB5 KrfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yblDNKP1P7Ojnl145ylPlP3geISRPWHFW+P+R06iwyU=; b=XP+2Vb00eayCXFFi9Hft3Bp3ucOYCWs8spcNB3mU1FdJcMenCeDuHOWqyp2yleA8qk z1+a6FiKjG1h6x03Qoe6iYLKCxwrAVslpY7nOw4j52itVM4lvoTc4NTy8tpjNSkcscB7 ruuigzC2GBKPJCaWVyxLVybxadQKRdtS0n0K4Weyzv7fH+WfMOOk86Zhus1IIBy+0goz p5NVAEa3K8Xf8y2ayCXLNB0qRFfRF0e4viJdmF3la8Vot+MldLQkwealrTSRF5hmzIxN yniqBbbh9k1E9B2Ska2YbjJQetdVW6BA+j8gqzazrcSUOkhk2ddOg+zB89V794Xg12X5 oo9A==
X-Gm-Message-State: AOAM531rEwzbkmtpDChdWJz3jkz7AD+oakj3HJKjgVjwWA1VjOPWRpX2 yYpH9WYO2runlsBPqRVY9fU+Gf41DzuCE3WtqQ==
X-Google-Smtp-Source: ABdhPJw5TTlV4iAxFDS/99DAYJ8QbPN/WF4EuK7Cmk1d3VwWqOcSsuO68CBQs5qVuU5tWtR6dZf3eq3A74GyX8u4/KY=
X-Received: by 2002:a02:a409:: with SMTP id c9mr1398584jal.138.1628606797714; Tue, 10 Aug 2021 07:46:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAFWvErXkR1vVNQFjn+rVCe8jaJ7DspBUq5kVJdGzonBU98Ctbw@mail.gmail.com> <78EB5028-71BD-4034-A9B3-340E206F1F90@tzi.org> <10529.1628538225@localhost> <CE55A0F1-96FA-4298-BF2E-731B9E49F485@island-resort.com> <SA1PR02MB83499E7A77BA35BC28D8DC53F2F79@SA1PR02MB8349.namprd02.prod.outlook.com>
In-Reply-To: <SA1PR02MB83499E7A77BA35BC28D8DC53F2F79@SA1PR02MB8349.namprd02.prod.outlook.com>
From: AJITOMI Daisuke <ajitomi@gmail.com>
Date: Tue, 10 Aug 2021 23:46:25 +0900
Message-ID: <CAFWvErUR+Heihz-bvGp38k8+XQ1J0-4QGshwaD4RrZHycen=Pg@mail.gmail.com>
To: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
Cc: Laurence Lundblade <lgl@island-resort.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Carsten Bormann <cabo@tzi.org>, "cose@ietf.org" <cose@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a81a4c05c93591b9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/jT4TDuMlyHMnyHyhqLTkJZzoufQ>
Subject: Re: [COSE] tstr values for kty, alg, crv, etc.
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2021 14:46:56 -0000
> I understood that some people think that we can encode the map key for 'kty' > as both 'kty' and also 1. Perhaps my description has been misleading but, at least for me, it was very clear that we could NOT encode the map key as 'kty' and also 1 because the CDDL says that (as Jeremy mentioned). > It was that it was not apparent without careful reading that the “Name” column in (for example) COSE Algorithms is descriptive only and the “value” column is the one containing allowed normative values. Same as Jeremy, this is the point where I misunderstood. I think the problem is that the CDDL says "int | tstr", but any description of tstr is not included in RFC8152. > label = int / tstr I did not mention this issue in this thread so far but it is also one of the issues I wanted to address. As well as tstr values for kty, alg, crv, and key_ops, I think there is no need to use the tstr label. Regards, Daisuke 2021年8月10日(火) 19:35 Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>: > On 09/08/2021, 21:21, "Laurence Lundblade" <lgl@island-resort.com> wrote: > > On Aug 9, 2021, at 12:43 PM, Michael Richardson <mcr+ietf@sandelman.ca> > wrote: > > > > > Carsten Bormann <cabo@tzi.org> wrote: > > This discussion is all a bit short sighted to me. Sure, we can advise > against registering text labels now. But COSE has a long life with many > applications before it, some of which may be outside what you are > thinking about now. What’s the rush on disabling these? > > > I understood that some people think that we can encode the map key for > 'kty' > as both 'kty' and also 1. > > (section 7 of RFC8152) > [ditto alg and I think key_ops] > > I'm not convinced the document says that. > > > > [JOD] The document does not say that, but it requires careful reading to > realise that this is not so. > > > > I can certainly say that **I** made an error in my effort to implement a > COSE library, and I am reasonably experienced in reading and interpreting > standards text, so I believe it is an error others might make. The error > was not “encode the map key as “kty” and also 1. That is completely clear > from the CDDL. It was that it was not apparent without careful reading that > the “Name” column in (for example) COSE Algorithms is descriptive only and > the “value” column is the one containing allowed normative values. > > > > I am prepared to accept that a reasonable outcome here is that “people > should read the standards more carefully”, or even that “Jeremy should read > standards more carefully”. It does seem that we are too late in document > publishing process to do anything about this. > > > > Agreed. > > > > The CDDL allows only 1, 2, 3,...for the params defined in COSE, but allows > tstr for future params. > > > > > > label = int / tstr > > > > > > COSE_Key = { > > 1 => tstr / int, ; kty > > ? 2 => bstr, ; kid > > ? 3 => tstr / int, ; alg > > ? 4 => [+ (tstr / int) ], ; key_ops > > ? 5 => bstr, ; Base IV > > * label => values > > } > > > > Essentially, I think anyone trying to register tstr COSE identifier or > label should be asked if they really want to do that, is it really > necessary to use a tstr instead of an int: Are you just doing it because > you are used to JSON? You know that most implementations don’t support > tstr, right? > > > > Also, to be clear, you don't register both a tstr and an int for a > particular item. There are two ways of doing this, but not for an > individual item. Having tstr ‘foo’ and int 42 both referring to the same > item would actually require two registrations and would be the worst thing > to do. > > > > [JOD] Document doesn’t state that you do not register both a tstr and an > int value. I do agree that you should not. > > > > Perhaps a good way forward is Expert Review (whether with Standards Action > or not) does not approve tstr values unless there is a very compelling > reason why use of an integer is unreasonable or impossible. This, as I > understand things, does not require any specification change, since it > looks to be exactly within the scope of the existing Expert Review > instructions. > > > > Best regards > > Jeremy > > >
- [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke
- Re: [COSE] tstr values for kty, alg, crv, etc. Carsten Bormann
- Re: [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke
- Re: [COSE] tstr values for kty, alg, crv, etc. Laurence Lundblade
- Re: [COSE] tstr values for kty, alg, crv, etc. Jeremy O'Donoghue
- Re: [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke
- Re: [COSE] tstr values for kty, alg, crv, etc. Laurence Lundblade
- Re: [COSE] tstr values for kty, alg, crv, etc. Carsten Bormann
- Re: [COSE] tstr values for kty, alg, crv, etc. Michael Richardson
- Re: [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke
- Re: [COSE] tstr values for kty, alg, crv, etc. Carsten Bormann
- Re: [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke
- Re: [COSE] tstr values for kty, alg, crv, etc. Michael Richardson
- Re: [COSE] tstr values for kty, alg, crv, etc. Laurence Lundblade
- Re: [COSE] tstr values for kty, alg, crv, etc. Jeremy O'Donoghue
- Re: [COSE] tstr values for kty, alg, crv, etc. AJITOMI Daisuke