IETF Logo Mail Archive

[COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Tobias Looker <tobias.looker@mattr.global> Wed, 02 March 2022 04:32 UTC

Return-Path: <tobias.looker@mattr.global>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 716B53A0FFB for <cose@ietfa.amsl.com>; Tue, 1 Mar 2022 20:32:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.399
X-Spam-Level:
X-Spam-Status: No, score=0.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URI_GOOGLE_PROXY=2.497] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mattr.global
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GX-sqWWsx9aZ for <cose@ietfa.amsl.com>; Tue, 1 Mar 2022 20:32:20 -0800 (PST)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01on20727.outbound.protection.outlook.com [IPv6:2a01:111:f403:7005::727]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7460B3A0FF2 for <cose@ietf.org>; Tue, 1 Mar 2022 20:32:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UPMvGCdD5PCLhdpv+nK47K5VY9SzMD/qcPK3jS1+eHhZNlZlSxtuM0R796VAKjNLOSerZ4LcTMBlbNPCY+NKDpFSIDjT9alihHJqYw0KdLvg1B5cPq86/2ZEJ9286ozKyH4SwhrAIc4HpIRQL6VpMFOj68CJDN6xWV/Z+wXQqT0e6vY/3URK14yP5Tcwxg68YpARd0jmoEezC2ds5nDbHauHzk9+GBQcTqmoAIV46xBe+0idILPFU44ONv4ZIDj2DTQXa8++ExoRd8MVBK0YD9utHgiXWSF4nlr29MRZIOYO4VPzNknYs2u10p0iZCEYU35WAoklj1hDHNcmRvdrRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Eeeg9feHxIItRJPxKnkveSEtiiAWTRvlTyNOiurYxrw=; b=RiA03hECx8keFk0ZeE4XzZ87GM24ICSOrST/H9w23DtQHYYrs3wgOoywKX20OKT7/aNrbc3MHj4FsWW0G7Y9jlBfAxlwf4XDANl16bEeEAU96GYsMXxlIgFBwv2z55m4/JfXR6JLpFJEqIF9osu1ooDUkTaB1M5N1a7PWK4dZbvdsxud7PTwudi2FfY5fRkkstq83JX7zeH7QcvcSHS/U9vLHotfpAJ47wOvHTCJRN2Y3QF2ompuCKZtC7rtCj4qa9nOJ4hNd2VEsbleNGuUKsLfxy8BiiERc+zx/a6j5FXEk6XU59t0K9fsyptwTlyCUVMpRmbHxPObcns4cx+C7A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mattr.global; dmarc=pass action=none header.from=mattr.global; dkim=pass header.d=mattr.global; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mattr.global; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Eeeg9feHxIItRJPxKnkveSEtiiAWTRvlTyNOiurYxrw=; b=nYUd/g65rp81Exb7zOlyeBUUg8I/ftxry3e18RQAyB98ibmhajSj670W95/CCU5wTdjoLjuplIO/an+A6WjgFp7J/ik+Ar3S7s6c7a6UXgNo1c7LncyzWcZoFx51v7qYva03MMNfRiAIqJIMqr7Exwehnq+Hso7JOuxiaQPqeOM=
Received: from SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM (2603:10c6:10:b2::12) by ME4P282MB1319.AUSP282.PROD.OUTLOOK.COM (2603:10c6:220:93::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.24; Wed, 2 Mar 2022 04:32:16 +0000
Received: from SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM ([fe80::e5be:555c:28b4:86aa]) by SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM ([fe80::e5be:555c:28b4:86aa%4]) with mapi id 15.20.5017.027; Wed, 2 Mar 2022 04:32:16 +0000
From: Tobias Looker <tobias.looker@mattr.global>
To: "cose@ietf.org" <cose@ietf.org>
CC: "mbj@microsoft.com" <mbj@microsoft.com>
Thread-Topic: Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
Thread-Index: AQHYLe2WRhRO0cNsYEy31uS81Xo4sQ==
Date: Wed, 2 Mar 2022 04:32:16 +0000
Message-ID: <SY4P282MB1274BCAC469DFE3B7284DFB29D039@SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mattr.global;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 793281a6-3c27-4dca-47ef-08d9fc05a148
x-ms-traffictypediagnostic: ME4P282MB1319:EE_
x-microsoft-antispam-prvs: <ME4P282MB1319CD24B06B106C10A107269D039@ME4P282MB1319.AUSP282.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 1wKio9tMgGZys1FqjFTx8BGqnbXoPpSF/ngPmg4ZYJMFGxVRq8g0aiYk8o8E9ywmi7XA4edcvOfXkK7WLHuVD2ocHcf3WTk3/lV/2lzO3eek3VXOjblGKzb3fNtCMUfhlIRN27+zNzK8Sn2jDQTbGYKzchxZPCkiJyrL4vrI2SpaMVnR1YhqPXIUYYy4kqPWGixUkp6zzLUmGF0NERzYU6aa9bVXiBWYoLYA0Mnam5nXkp6SZ3JVQByF/TX31lTgqosNmAJDxreOX89TxW7XFkqzNJ0ISJNSK1kXrGSo44nZ+AdTbpUNdkPflSaaya2DcYyNGDft9909kxiiYEqva/thsMbtDZNAep4a62LqxiNa3UWYtPoim3yZIMM1mEewjF/FfCh89wx5WpMhF1OnSbwTHmqbFPjQ4CU70ZGHsMZzmh+zq7EXn4MhSMlxGkyQ9gVPkdiBVwYakMZNaRwdjDcj4wHNuVYx1paQBpMhEuM5jLNWXXafCx6kjnSdkXlhq3yj5/h/y4H8m6m0ULAewPLtElPRZfUY52Jgb/gJeb4n0Vp40tIpcjVATaBXmp5DskzXrrcXoyuecxjyd0bIExpbIwkG4s4e9RzKKCJXDsRWhudQ1OoeGFgPh7e3HXKYZqitpm7rJHqope83D0C61exEBzJ5QFXNGQFNe84WPJwH8XwXfJktYHVd9esQ7bqaaWB6sKljCMK4JXqQqedZ5eQ4zJKhG+DQ5VjttUSXaGil7AtcI+ZUinIe+Z/T3r6DtUVCuuvnnC9oKVNu4JBp4d+pwvdYmsKea5dhuVVkJtBWFVDH7u0UkjSgoIaR0z0+JDF+E9He3F8ukCYQyJUZWQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230001)(39830400003)(376002)(396003)(346002)(366004)(136003)(55016003)(44832011)(26005)(71200400001)(186003)(2906002)(8936002)(52536014)(19627405001)(33656002)(7696005)(6506007)(9686003)(966005)(83380400001)(508600001)(66556008)(66946007)(166002)(66476007)(38100700002)(38070700005)(86362001)(6916009)(4326008)(5660300002)(316002)(122000001)(66446008)(64756008)(76116006)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?vFTkG1mnlKSUvbrWEA/4BUJnX4tZqdEFjoULKBL/+vUJVITJ1/yBAKOEg+?= =?iso-8859-1?Q?hmp1ZnCCrZO5ICt0jZ/kgo2pbZOC9jPWkcla3bg0wTVAr1dVTVTEPbfGNu?= =?iso-8859-1?Q?nBlidR8o447KRjT6itfA/wdKLkIEzD1RVLh47V8lXj7YY3LC6a3jOg4X1t?= =?iso-8859-1?Q?316bv3F0pcb6AUOzUuvP6mL5QbIg9qAN71GOYJWMRo9Dd/raqf3IPdrZ/7?= =?iso-8859-1?Q?7MHsWOsucQEn96CDsWmBgvPoiCvUpzloGSo2+c2Sjw2oUx/O3vVW715Qum?= =?iso-8859-1?Q?Lye6c4MxrSqxY5wBrRvo+mcfeTYbXgYunuKwbRalIwDrtA56nugun+z6+v?= =?iso-8859-1?Q?+KLAbT+2h0HFrM7vVFrflwiDnIJ7qwgwmvHLmzMXb3Pjh/ckj02BkhddA/?= =?iso-8859-1?Q?MApK2p5SoXihC6KqckxchGv69jJ/yBzsuLOy7OQLZb69tHk22kqnsB9im/?= =?iso-8859-1?Q?iuktuiutPXYNeBNOkmmCjew7VnjnIsMKxPiOUxcE+eed+VY95/tTBixJXH?= =?iso-8859-1?Q?mz10Nhef+C+t90NDrJWUf9dbTYWarKUuDVGs9o029bBx6Kbrh1pcGLPSWK?= =?iso-8859-1?Q?sJzCx4wl4QPc9uEkNTteami2cF9lOBVFbCZiOasf2jYRufscaq9TL7HbRY?= =?iso-8859-1?Q?6U9IC/oHDVDsyQqDDTe/wLLtWJPXirfwRmhh3OXyK3x3PXJzGfHTrcYTUH?= =?iso-8859-1?Q?dlyID/CUmDmxT8FJvIvWYTV68xgOQZgEqc3sT1SE1I9tTkQQpBhNUZrmCY?= =?iso-8859-1?Q?yldkiKLBBDzbbvhtx5NdIqVs2cvQmTagvxRkkWOjYG8qTOlEJqEJUOJTDW?= =?iso-8859-1?Q?Ka6Ex3bay63Nb4h/z/wdmqTwKItenjEjPNMNdXLYGOHFvGnyZlVqTpcjg+?= =?iso-8859-1?Q?F6SEUS+lgZVAMt0OUCIJ+MUEhidB+EbtG0VJUAKvg1CTOBgyh4ut+lPkSr?= =?iso-8859-1?Q?awyByYRcJDQj10whR0HziryWIxgEJtXmuQMpHshOceYoOQJFRL4/Qv5tZD?= =?iso-8859-1?Q?xYK+hp0DWyL5VukPHegdBt87N2geB8BpxFU0ry5cqym9C20OLPOceeEU+0?= =?iso-8859-1?Q?Dl/FI9trTqjB9N1BDdXV3ITMm+jv7PbH6AM6/3ySM/JPXQ7FjyuS7Pm/Q/?= =?iso-8859-1?Q?SZ2AbMFODPHs4gTQng7bMySA9AB2tNubo5fCFCUw+bUWgHp57hGtAMWv5+?= =?iso-8859-1?Q?Yw4xNi/ypip16O/741ufApZX8r+fpqjsjRh2CcI+ZGULUC05WYowSTc2pS?= =?iso-8859-1?Q?VoZGiPinGWVnc3HJY+yY4iTlGpowvk/SGMn+ZdMQVtKiTPeTusmZV2Z/eX?= =?iso-8859-1?Q?QV75pTl+AVexLYnCWBQHvD7mSp2TPHclJ4QbSK9yJcyja+H9XSUVe23vt0?= =?iso-8859-1?Q?WujEFWYjoiF0lAtbvO3cBoqx3tarMjMMnNgDWVf0llSaIsJX5ILF/Z6WOu?= =?iso-8859-1?Q?nf1QxK/FfS3ago/i5KWnNNtU2FkFBLW5yBsCI1iXk28jZZNiSoYE4x8yBW?= =?iso-8859-1?Q?RsaCu3NxSdbr+xgWL+45WWW51N0MdVsOBgw4hV/rSsiBiLORBz9Y4Woqxp?= =?iso-8859-1?Q?oqvBrwN2EqmeFl8pWH4f2MufvB5NJA6rmtiOks5BwTZVRGXNadMe0TU4qc?= =?iso-8859-1?Q?g4pf6ttKT/MM/j3UwfdMexaj99EmH7d46W+rcign4Kf4CS6Zos5JvRJiov?= =?iso-8859-1?Q?8OYCOm0wopYV+SfG3QQ2RdQyN8yuA/uRnxk14WqbL0WsnnUjTK11NvWkWi?= =?iso-8859-1?Q?KXyA=3D=3D?=
Content-Type: multipart/alternative; boundary="_000_SY4P282MB1274BCAC469DFE3B7284DFB29D039SY4P282MB1274AUSP_"
MIME-Version: 1.0
X-OriginatorOrg: mattr.global
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 793281a6-3c27-4dca-47ef-08d9fc05a148
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2022 04:32:16.0071 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c2c9cf73-6aae-4702-9844-02adab723771
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: X8J649SlK09TTtF3crCFbZGnrjPR0cq+SJTKpmwXyAnJyL8NMjw6HdhB+cF1zi0cwDDwXnff4CXfRLRIRrrU0tIp9E+QG+HQhCDfX4pbnlo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME4P282MB1319
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/n5Ri0zgI7TvJjxXzc_Ar5FXb06w>
Subject: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 04:32:26 -0000

Hi All,

This is an email to introduce the newly submitted draft titled "CBOR Web Token (CWT) Claims in COSE Headers", the current abstract is as follows.

"This document describes how to include CBOR Web Token (CWT) claims in the header parameters of any COSE structure. This functionality helps to facilitate applications that wish to make use of CBOR Web Token (CWT) claims in encrypted COSE structures and/or COSE structures featuring detached signatures, while having some of those claims be available before decryption and/or without inspecting the detached payload."

https://datatracker.ietf.org/doc/draft-looker-cose-cwt-claims-in-headers/

As covered in the introduction of this draft, a similar mechanism already exists for JWT and we see value in providing a way to do the same with CWTs.


Thanks,

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>



Tobias Looker

MATTR
CTO

+64 (0) 27 378 0461
tobias.looker@mattr.global<mailto:tobias.looker@mattr.global>

[Mattr website]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WeN4boYw%26u%3Dhttps%253a%252f%252fmattr.global%252f&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076709977%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tKqCMzLUQNCeORd908YqfqZoT7tCy%2FMVwXdjpch1sDY%3D&reserved=0>

[Mattr on LinkedIn]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1SbN9fvNg%26u%3Dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076719975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=t%2BidOI32oaKuTJf1AkcG%2B%2FirIJwbrgzXVZnjOAC52Hs%3D&reserved=0>

[Mattr on Twitter]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiW1WdMte6ZA%26u%3Dhttps%253a%252f%252ftwitter.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BD9WWyXEjVGlbpbCja93yW%2FzLJZpe%2Ff8lGooe8V6i7w%3D&reserved=0>

[Mattr on Github]<https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fscanmail.trustwave.com%2F%3Fc%3D15517%26d%3Dw46s4eMXULV_ns1ZfAKYLbVKcqey_PHiWwGdMoDtMw%26u%3Dhttps%253a%252f%252fgithub.com%252fmattrglobal&data=04%7C01%7CSteve.Lowes%40mbie.govt.nz%7C5a65fe33c70b41fd8ba908d976f3a2f1%7C78b2bd11e42b47eab0112e04c3af5ec1%7C0%7C0%7C637671611076729970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4AhRuXZCnU5i3hcngo4H3UiNayYUtXpRcImV4slS1mw%3D&reserved=0>

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.

v2.8.7 | Report a Bug | By Email