IETF Logo Mail Archive

Re: [COSE] [Rats] RAM requirements for COSE/CWT

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 21 February 2022 16:16 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B764E3A11AD; Mon, 21 Feb 2022 08:16:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.812
X-Spam-Level:
X-Spam-Status: No, score=-2.812 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.714, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YU7rSFZb-cVu; Mon, 21 Feb 2022 08:16:01 -0800 (PST)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF1FA3A11A2; Mon, 21 Feb 2022 08:16:00 -0800 (PST)
Received: by mail-wr1-x42e.google.com with SMTP id s1so1557541wrg.10; Mon, 21 Feb 2022 08:16:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :references:from:in-reply-to:content-transfer-encoding; bh=HJcDOfChJs2Kj/7kXiTdkr6MmyKZSvjm+qDc6Ngeo64=; b=iqtjjZM9nEc4FXxGR4p6VLxX8d6rSaJPJUEksa7cWoYYdwV/0i7LrVEmriQfGX6Zi3 A/9+1cxmEk1iIJzI/pkinp7j34BZAbV8XZZ8XOOs6GsOQ8RqH7AV7as2oZuft51vq5Yj OsERMbngBVakPhqz5MVjju2yhQId5lepOdmiLz18J/KkMa3bgdvbdeVI98Ee0HXGljVR sogaKWj3IClZ0IJoI0aUrEvY5ykoYoSMHOSy/ICFW/3jw5nJ+MXu5UsvUZ24Gti39WIX ndenesPjY6IgpEAMmNm+HEGHBHKNm5QwpYkpapqh1kQKrcnopbulO5M/+bfl3p/rYj9Y AXWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:in-reply-to :content-transfer-encoding; bh=HJcDOfChJs2Kj/7kXiTdkr6MmyKZSvjm+qDc6Ngeo64=; b=Q9Z6NQQ/wtzJsbSnItGiZ6dM0TTGV9qpYxZeNOhBfaJsqGDsypaP0AKbD4zIGoIn9q 9HstMYLZwVfE/vOxMU+zJHRq8EyxbgJTwXy2vrqsMmYITyJIDNIeO7aaIvVXAUq3mJBL G7RN5NoXIB+5CqP/7v6/kDtPYDP324Rh1km3Yks/+K2Nlp/JqG7/Lh8oj86caKYaOeWn Sm5wC+3Uslpn7MiIFy/EKL1vlmochQo16fuGJGOgkRdZ3gYTAE+yGM7mKZrSD1nil+iS RJUXs+e2dnJhTZoZBy3rQFvcD/ZaazIbt64FiFrcLnU7GoV4o33SzdTdRbym+JaHZlhJ rOCg==
X-Gm-Message-State: AOAM533J3lIAJouNJyqdeJtSMaxckomz2UxzMyJQaFGUfC7Gme5sgWN6 NU1Nwsc3gsNkDR8m+4hx7WPFkMoLS9M=
X-Google-Smtp-Source: ABdhPJxD8RPWagEh9BLiIZmqWiCu/qgrcbE6XPy9gCPQX7oX7nFhX7FnIh2qYmPSevw4TL90JrV3KA==
X-Received: by 2002:adf:e8c5:0:b0:1e4:7c8a:21a7 with SMTP id k5-20020adfe8c5000000b001e47c8a21a7mr16628673wrn.516.1645460158383; Mon, 21 Feb 2022 08:15:58 -0800 (PST)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id bg20-20020a05600c3c9400b0037fa5c422c8sm1766080wmb.48.2022.02.21.08.15.57 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 21 Feb 2022 08:15:57 -0800 (PST)
Message-ID: <1a16c80d-40cd-baba-b1ce-2033dd0db294@gmail.com>
Date: Mon, 21 Feb 2022 17:15:56 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-US
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "rats@ietf.org" <rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
References: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com> <DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <DBBPR08MB5915B874FD16107A7B0105AAFA3A9@DBBPR08MB5915.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/jTyujggQU_AQ8MXAcOKfHGT760g>
Subject: Re: [COSE] [Rats] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2022 16:16:05 -0000

On 2022-02-21 15:31, Hannes Tschofenig wrote:
> Hi Anders,

Hi Hannes,

> I assume you are focusing on signing the CWT (rather than also encrypting it).

I have (among many things) rather tried to figure out the rationale behind having a multitude of more or less incompatible serializations options for EAT.

Since I couldn't find any valid reason for using JSON, I looked into CBOR only :)

The rationale for https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.3.1 must be RAM considerations, right?.  If this is the case, PureEdDSA is also a hurdle.  Is EdDSAph in scope?


> The size of a CWT (with relevance to RATS) is fairly small and holding the CWT in RAM is not a problem. The example in https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-08 has 417 bytes.

That was my assumption also.


> I could, however, imagine to write an COSE implementation that does not require the entire CWT be held in RAM since the digital signature just covers the hash of the CWT and you can use a rolling hash.

You mean that only the claims (payload) would be RAM-backed?  That should of course work.

Using the enhanced "COSE" scheme I outlined in the GitHub issue, you would in some (many?, all?) EAT cases need close to zero RAM if you also use a rolling hash.  Caveat: you must beforehand know how many items you are about to produce.

Cheers,
Anders

> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Anders Rundgren
> Sent: Monday, February 21, 2022 7:17 AM
> To: rats@ietf.org; cose@ietf.org
> Subject: [Rats] RAM requirements for COSE/CWT
> 
> Pardon the cross-posting...
> 
> A pretty strange subject line, right? :)
> 
> However, there is a reality in the form of constrained devices that in order to use COSE must either turn to yucky infinite-length encoding (https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.3.1) or create the entire payload in RAM, here assuming that the exact size of the payload in bytes is not known in advance.
> 
> X.509 certificates (that were created in a time when virtually all devices were constrained) do not suffer from these problems due to their reliance on deterministic encoding, followed by a separate signature item.   A further advantage of the X.509 approach compared to COSE/CWT, is that the claims are not stuffed in a blob requiring yet another layer of decoding.  However, compared to ASN.1, CBOR is much more "RAM-friendly" since it doesn't impose a byte-length over items enclosed in a map or array.  Concatenation is all you need!
> 
> I believe the time has come to seriously look into alternatives to COSE since it was "inspired" by JOSE.   CBOR <<>> JSON.
> 
> This GitHub issue elaborates a bit more on this topic: https://github.com/ietf-rats-wg/eat/issues/168
> 
> Thanx,
> Anders
> 
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.8.7 | Report a Bug | By Email