IETF Logo Mail Archive

[COSE] RAM requirements for COSE/CWT

Anders Rundgren <anders.rundgren.net@gmail.com> Mon, 21 February 2022 06:17 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B2B43A0D2F; Sun, 20 Feb 2022 22:17:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JVDe_Me7pDkc; Sun, 20 Feb 2022 22:17:21 -0800 (PST)
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B6163A08DC; Sun, 20 Feb 2022 22:17:21 -0800 (PST)
Received: by mail-wr1-x42f.google.com with SMTP id f17so288651wrh.7; Sun, 20 Feb 2022 22:17:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:content-language:to:from :subject:content-transfer-encoding; bh=+kCQd0MHL4kgGKN2V7qQgclnwFcul9Wbwl32La0a1t0=; b=d4mn5iNQKeeZ29sPwjxjdeppuBSJGZB5xx+dVuDQ0pd5NbA2FR1odP4kqX/licjZwE C9PVwwt92XPZybqS6OZbJWCZ/jw96DY3aOe6VHuRGU7PaRuBoDg+NsNf/9fm2zMjX7pD 8JIgqQ8PQgGS4khbBwSbpcBVT7f7OODEFIbGRvum5Gq3Ay3SsGBeQpAycL6gjQZ1lEuW Hf7Euo6+H2r4JZ2xMRsVjlU0T6DnN8Vwg+XF1bVelCLXW3qdgSBfMx+KLr77KVDGYGqA 29CT8KeC8uiLFijGI2OhhGx+y9DKYK91HSQzL3alqxeeI0tAeNzieb+JIajiYOhO3JjL FJnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent :content-language:to:from:subject:content-transfer-encoding; bh=+kCQd0MHL4kgGKN2V7qQgclnwFcul9Wbwl32La0a1t0=; b=t/2wLFzl+EfqQPHaMh6Pzge9V9Nf0UhhJvI/XxIU6OtsCzZY4vX4mUFbDGlbOcjIgW vG4HdCSWey2jypGXQPBCbceW6AlgG7tCrkLfovj3umDNMS/tJAK55RiPnU69fBhBbpYq iZyT7Wy9/azL6zSTqSxS5ZgDTLltKme0JOl/segdEgOLbOn+BSCngZk+kfNctJAKmJYk YR11IL1B7LN8AEHWYh2l9ijeEcVXXB7Gf34NUBGfcfroSLcapJ1D658N1NL9kE3sdpyk hxXj4pFGEhjUzU1Tux8Q/u+six49wO4+je5D1NEMEN8+YIqTjIarEOph3RzWZuJkBe4z xfyQ==
X-Gm-Message-State: AOAM533+6YTNHpH7GUS/9fv8SyXq+ShCu9P+MgLSJ6pnEuJgoCHg43M7 sPB771N4GIgF1aU2V8tlRzlcdCy2Yo4=
X-Google-Smtp-Source: ABdhPJwyx+bmKzaK9pIxc5rsG7r20uW4s2Iuolc+k1mqJdBKaZluLEnT8kvfsa46ub8Oa5au95P6GA==
X-Received: by 2002:a05:6000:180c:b0:1e4:a20d:1ad7 with SMTP id m12-20020a056000180c00b001e4a20d1ad7mr14935472wrh.697.1645424238120; Sun, 20 Feb 2022 22:17:18 -0800 (PST)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id a12sm34622876wru.99.2022.02.20.22.17.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 20 Feb 2022 22:17:17 -0800 (PST)
Message-ID: <e8995f0c-ad85-f702-da6b-051ffdc4cb08@gmail.com>
Date: Mon, 21 Feb 2022 07:17:15 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-US
To: "rats@ietf.org" <rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/kod3ybszBoKqxnzDpILpTE2ZdHw>
Subject: [COSE] RAM requirements for COSE/CWT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Feb 2022 06:17:25 -0000

Pardon the cross-posting...

A pretty strange subject line, right? :)

However, there is a reality in the form of constrained devices that in order to use COSE must either turn to yucky infinite-length encoding (https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.3.1) or create the entire payload in RAM, here assuming that the exact size of the payload in bytes is not known in advance.

X.509 certificates (that were created in a time when virtually all devices were constrained) do not suffer from these problems due to their reliance on deterministic encoding, followed by a separate signature item.   A further advantage of the X.509 approach compared to COSE/CWT, is that the claims are not stuffed in a blob requiring yet another layer of decoding.  However, compared to ASN.1, CBOR is much more "RAM-friendly" since it doesn't impose a byte-length over items enclosed in a map or array.  Concatenation is all you need!

I believe the time has come to seriously look into alternatives to COSE since it was "inspired" by JOSE.   CBOR <<>> JSON.

This GitHub issue elaborates a bit more on this topic: https://github.com/ietf-rats-wg/eat/issues/168

Thanx,
Anders

v2.8.7 | Report a Bug | By Email