[COSE] RPK by value in COSE / EDHOC

John Mattsson <john.mattsson@ericsson.com> Wed, 12 May 2021 13:15 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "cose@ietf.org" <cose@ietf.org>
Date: Wed, 12 May 2021 13:15:46 +0000
Message-ID: <7486DBF4-809A-447D-94DB-D32281711E7F@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/lurAxbHe-KiuMS7A37X2zYSvjKo>

Hi,

As stated in the agreed requirements document in LAKE, the initial focus of the LAKE WG shall be:

"RPK (by reference and value) and certificate by reference."

https://datatracker.ietf.org/doc/html/draft-ietf-lake-reqs

RPK by value has been requested by several industrial partners interested in using LAKE.

EDHOC relies completely on COSE header parameters to transport or identify credentials, i.e. 'kid', 'x5chain', 'x5bag', 'x5u', 'x5t', 'c5c', 'c5b', 'c5u', 'c5t'. It would be good if the RPK by value work were done in COSE. Alternatively, LAKE could specify the new COSE header parameter (as long as COSE agrees it should be done).

There are two main options for RPK by value: COSE_Key or a slimmed-down version of C509 without issuer signature. Both have some benefits and disadvantages.

- COSE_Key is available in COSE implementations

- COSE_Key was not designed for transport on the wire. But this can be fixed.

- COSE_Key lacks a header parameter for use by value

- EDHOC implementations will likely support C509, using both C509 and COSE_Key means using two completely different key formats. This means additional code and that key_ops / EKU needs to be registered twice.

- COSE_Key does not offer any additional functionality like validity or subject name. COSE_Key only supports very limited key_ops. Subject name is needed to align with SIGMA. Validity and KeyUsage seem useful also for RPK.

- More or less the same size on the wire.

Some examples of RPK with point compression below:

COSE_Key
------------------------------

{
  1:  1,
 -1:  4,
 -2:  h'b1a3e89460e88d3a8d54211dc95f0b903ff205eb71912d6db8f4af980d2db83a',
 -3:  true
}

C509
------------------------------

TBSCertificate = (
   c509CertificateType: int,
   validityNotBefore: Time,
   validityNotAfter: Time,
   subject: Name,
   subjectPublicKeyAlgorithm: AlgorithmIdentifier,
   subjectPublicKey: any,
   extensions: Extensions,
)

[
     2,
     h'01f50d',
     1577836800,
     1612224000,
     h'0123456789AB',
     1,
     h'02B1216AB96E5B3B3340F5BDF02E693F16213A04525ED44450B1019C2DFD3838AB',
     1
]

If COSE agrees, I think there are three ways forward:

1. New draft in COSE WG defining a header parameter for COSE_Key by value
2. New c509CertificateType in draft-ietf-cose-cbor-encoded-cert
3. Define 1. or 2. in draft-ietf-lake-edhoc
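As an added illustration (not part of the post above, and not code from any COSE or EDHOC implementation), the two RPK-by-value encodings from the mail serialised with a small stand-alone CBOR encoder so their size on the wire can be compared directly; the encoder is a helper written for this example and handles only the CBOR types the two structures use.

```python
# Minimal CBOR encoder (RFC 8949 subset) written for this example: unsigned and
# negative ints, byte strings, bools, arrays and maps with deterministic key order.
import struct


def _head(major: int, n: int) -> bytes:
    """Initial byte plus argument for CBOR major type `major` and value `n`."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")


def encode(v) -> bytes:
    """Encode a Python value; bool is checked before int because bool subclasses int."""
    if isinstance(v, bool):
        return b"\xf5" if v else b"\xf4"          # simple(21) / simple(20)
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(encode(x) for x in v)
    if isinstance(v, dict):
        # core deterministic encoding: sort map keys by their encoded bytes
        items = sorted(v.items(), key=lambda kv: encode(kv[0]))
        return _head(5, len(v)) + b"".join(encode(k) + encode(x) for k, x in items)
    raise TypeError(f"unsupported type {type(v).__name__}")


# COSE_Key exactly as given in the post: labels 1 (kty), -1 (crv), -2 (x) and
# -3 carrying the compressed y as a boolean.
COSE_KEY = {1: 1, -1: 4,
            -2: bytes.fromhex("b1a3e89460e88d3a8d54211dc95f0b903ff205eb71912d6db8f4af980d2db83a"),
            -3: True}

# Slimmed C509 TBSCertificate array from the post; the subjectPublicKey is the
# SEC1 compressed point (0x02 || x).
C509_RPK = [2, bytes.fromhex("01f50d"), 1577836800, 1612224000,
            bytes.fromhex("0123456789AB"), 1,
            bytes.fromhex("02B1216AB96E5B3B3340F5BDF02E693F16213A04525ED44450B1019C2DFD3838AB"),
            1]


def wire_sizes() -> dict:
    """Encoded length in bytes of each RPK-by-value form."""
    return {"COSE_Key": len(encode(COSE_KEY)), "C509": len(encode(C509_RPK))}


if __name__ == "__main__":
    for name, size in wire_sizes().items():
        print(f"{name}: {size} bytes")
```

The difference between the two lengths is essentially the validity, subject and extension fields that the C509 form carries and COSE_Key does not.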