Re: [COSE] tstr values for kty, alg, crv, etc.

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Thu, 05 August 2021 10:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/k0tkpAm2TEf_mYVi4n0iqGMR830>

Hi list,

I agree with Laurence on this. I work on platform-related security standards at GlobalPlatform where we are using COSE quite extensively. A major use-case is highly constrained embedded targets where the benefits from eliminating string handling are considerable – many such platforms do not have a heap, and minimal code size is an important design goal.

I prefer to see the option of `tstr` labels removed if possible. We do have a 64-bit integer space for algorithms which should suffice. If this is not possible (e.g. for backward compatibility with proprietary implementations), at least a note to registrants that integer values are greatly preferred in some implementations for reasons of code size would be helpful. Implementations could then decide whether or not to implement tstr support.

Best regards
Jeremy

On Jul 28, 2021 at 20:50 UTC, Laurence Lundblade <lgl@island-resort.com> wrote:

> Yes, I much prefer int labels for a small C implementation. Adding support for tstr labels would noticeably increase code size.
>
> I hope no one registers a tstr label. It seems unlikely because algorithms are relatively hard to invent and vet.
>
> LL
>
> > On Jul 28, 2021, at 5:47 AM, Carsten Bormann <cabo@tzi.org> wrote:
> >
> > Hi Daisuke,
> >
> >> On 2021-07-28, at 13:45, AJITOMI Daisuke <ajitomi@gmail.com> wrote:
> >>
> >> In my opinion, the tstr type for 'kty', 'alg', 'crv' or 'key_ops' is not necessary because I think the major advantage of COSE is its compactness, but I would like to know what you are assuming as the value of tstr.
> >
> > The registrant gets the choice between a text string and an integer.
> >
> > https://www.iana.org/assignments/cose/cose.xhtml lists the registration procedures for certain ranges, e.g.:
> >
> > https://www.iana.org/assignments/cose/cose.xhtml#algorithms
> >
> > Range                                  Registration Procedures
> > Strings of length 1                    Standards Action With Expert Review
> > Integer values between -256 and 255    Standards Action With Expert Review
> > Strings of length 2                    Specification Required
> > Integer values from 256 to 65535       Specification Required
> > Integer values from -65536 to -257     Specification Required
> > Strings of length greater than 2       Expert Review
> > Integer values greater than 65535      Expert Review
> >
> > So labels the representations of which would be 1+0 and 1+1 bytes long require standards action, 1+2, specification required, and 1+>2, expert review.
> >
> > It doesn’t look like anyone has felt a need to register a text string label for an algorithm ID yet; there are still quite a few 1+1 (and even a few 1+0!) values available for registration.
> >
> > I would expect that, until we run out of codepoints, the registration of text labels will remain an occurrence for special circumstances (which means we might not be prepared for text labels when we finally actually need them).
P. S. Sorry for breaking the thread chain – have only just subscribed to the list (planned to ask almost exactly this question, and found the thread) and thus could not ‘reply all’.

--
Jeremy O’Donoghue (he/him)
Director, Secure Systems Engineering
jodonogh@qti.qualcomm.com (Europe/London timezone)
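The following is an added illustration of the two points the thread turns on: the "1+0 / 1+1 / 1+2" byte shapes Carsten reads off the IANA ranges, and the kind of minimal, heap-free label decoder Laurence and Jeremy have in mind that simply refuses a tstr label instead of carrying string-handling code. It is example code written for this page, not code from anyone in the thread and not from any COSE or CBOR library; the CBOR_MT_* names, the label_status enum and the sample label values (other than -7, which is the registered ES256 algorithm ID) are this example's own constructions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* CBOR major types (RFC 8949): 0 = unsigned int, 1 = negative int, 3 = text string.
 * These macro names are this example's own, not from any library. */
#define CBOR_MT_UINT 0
#define CBOR_MT_NINT 1
#define CBOR_MT_TSTR 3

/* Encode an integer label. Returns bytes written, or 0 if buf is too small.
 * The result has the "1+N" shape from the thread: one initial byte plus
 * 0, 1, 2, 4 or 8 big-endian argument bytes depending on magnitude. */
size_t cbor_encode_int(int64_t v, uint8_t *buf, size_t cap) {
    uint8_t mt = (v >= 0) ? CBOR_MT_UINT : CBOR_MT_NINT;
    uint64_t u = (v >= 0) ? (uint64_t)v : (uint64_t)(-1 - v);   /* CBOR argument for negatives is -1 - v */
    size_t extra = (u < 24) ? 0 : (u <= 0xFF) ? 1 : (u <= 0xFFFF) ? 2 : (u <= 0xFFFFFFFFULL) ? 4 : 8;
    if (1 + extra > cap) return 0;
    if (extra == 0) { buf[0] = (uint8_t)((mt << 5) | u); return 1; }
    uint8_t ai = (extra == 1) ? 24 : (extra == 2) ? 25 : (extra == 4) ? 26 : 27;
    buf[0] = (uint8_t)((mt << 5) | ai);
    for (size_t i = 0; i < extra; i++)
        buf[1 + i] = (uint8_t)(u >> (8 * (extra - 1 - i)));
    return 1 + extra;
}

/* Encode a short text-string label (length < 24, the only form this example handles).
 * A one-character tstr costs 1+1 bytes, the same as an int in 24..255 / -25..-256. */
size_t cbor_encode_tstr(const char *s, uint8_t *buf, size_t cap) {
    size_t len = strlen(s);
    if (len >= 24 || 1 + len > cap) return 0;
    buf[0] = (uint8_t)((CBOR_MT_TSTR << 5) | len);
    memcpy(buf + 1, s, len);
    return 1 + len;
}

typedef enum { LABEL_OK = 0, LABEL_TSTR_UNSUPPORTED, LABEL_MALFORMED } label_status;

/* Decode one header-map label from a COSE header. Integer labels are decoded in place;
 * a text-string label is refused on its initial byte, before any of it is read, so the
 * decoder needs no string code, no copying and no heap. Truncated or reserved initial
 * bytes are reported as malformed rather than read past the buffer. */
label_status cbor_decode_label(const uint8_t *in, size_t len, int64_t *label, size_t *consumed) {
    if (len == 0) return LABEL_MALFORMED;
    uint8_t mt = in[0] >> 5, ai = in[0] & 0x1F;
    if (mt == CBOR_MT_TSTR) return LABEL_TSTR_UNSUPPORTED;
    if (mt != CBOR_MT_UINT && mt != CBOR_MT_NINT) return LABEL_MALFORMED;
    uint64_t u = 0;
    size_t extra = 0;
    if (ai < 24) {
        u = ai;
    } else if (ai <= 27) {
        extra = (size_t)1 << (ai - 24);                       /* 1, 2, 4 or 8 argument bytes */
        if (len < 1 + extra) return LABEL_MALFORMED;          /* truncated argument */
        for (size_t i = 0; i < extra; i++) u = (u << 8) | in[1 + i];
    } else {
        return LABEL_MALFORMED;                               /* 28..31: reserved / indefinite */
    }
    if (u > (uint64_t)INT64_MAX) return LABEL_MALFORMED;      /* outside the int64 label space */
    *label = (mt == CBOR_MT_UINT) ? (int64_t)u : -1 - (int64_t)u;
    *consumed = 1 + extra;
    return LABEL_OK;
}

int main(void) {
    uint8_t buf[16];
    /* Constructed sample labels: -7 is the registered ES256 alg; the rest are range boundaries. */
    int64_t ints[] = { -7, -256, 255, 256, -65536, 65536 };
    for (size_t i = 0; i < sizeof ints / sizeof ints[0]; i++) {
        size_t n = cbor_encode_int(ints[i], buf, sizeof buf);
        printf("int %7lld -> 1+%zu bytes\n", (long long)ints[i], n - 1);
    }
    /* Hypothetical one-character tstr label "A" (not registered anywhere). */
    size_t n = cbor_encode_tstr("A", buf, sizeof buf);
    printf("tstr \"A\"    -> 1+%zu bytes\n", n - 1);
    int64_t label; size_t used;
    printf("decode tstr label: %s\n",
           cbor_decode_label(buf, n, &label, &used) == LABEL_TSTR_UNSUPPORTED ? "refused" : "accepted");
    return 0;
}
```

Run stand-alone it prints 1+0 for -7, 1+1 for -256 and 255, 1+2 for 256 and -65536, 1+4 for 65536, and 1+1 for the tstr "A", which is the same grouping as the IANA ranges quoted above; the decoder then reports the tstr label as refused. The security-relevant design choice is that an int-only decoder has a fixed upper bound on bytes it will ever inspect per label, so there is no length field to validate and no buffer to size, which is exactly what makes it small and hard to get wrong on a heapless target.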