Re: [COSE] [Rats] Defining CWT, and JWT in UCCS in EAT
Laurence Lundblade <lgl@island-resort.com> Wed, 05 January 2022 19:15 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1D6F3A0CDB for <cose@ietfa.amsl.com>; Wed, 5 Jan 2022 11:15:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id azxwrwqvZfCF for <cose@ietfa.amsl.com>; Wed, 5 Jan 2022 11:15:19 -0800 (PST)
Received: from p3plsmtpa09-03.prod.phx3.secureserver.net (p3plsmtpa09-03.prod.phx3.secureserver.net [173.201.193.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 327473A0CDD for <cose@ietf.org>; Wed, 5 Jan 2022 11:15:19 -0800 (PST)
Received: from [192.168.1.7] ([75.80.148.243]) by :SMTPAUTH: with ESMTPA id 5Bkkn4kERwst35BkknEO2z; Wed, 05 Jan 2022 12:15:18 -0700
X-CMAE-Analysis: v=2.4 cv=TahTCTch c=1 sm=1 tr=0 ts=61d5ee46 a=VPU1mRQhDhA4uSX60JRRww==:117 a=VPU1mRQhDhA4uSX60JRRww==:17 a=IkcTkHD0fZMA:10 a=gKmFwSsBAAAA:8 a=EUspDBNiAAAA:8 a=nwZO15cZvr4CTeI_YUQA:9 a=QEXdDO2ut3YA:10 a=nnPW6aIcBuj1ljLj_o6Q:22 a=rMCfJy6NHDicN4J276Yl:22
X-SECURESERVER-ACCT: lgl@island-resort.com
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <BD6BB35D-8569-4275-9237-0FC44077827D@tzi.org>
Date: Wed, 05 Jan 2022 11:15:18 -0800
Cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "cose@ietf.org" <cose@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <802C8FF4-CB1F-4A40-A316-EE45BECF72FA@island-resort.com>
References: <DBBPR08MB5915F7205E4289169047704AFA769@DBBPR08MB5915.eurprd08.prod.outlook.com> <366755AA-727A-4319-863B-687FFADEED93@island-resort.com> <74372.1639777611@dooku> <AEAB8375-0352-418A-9828-D6D5A5476B5D@island-resort.com> <PH0PR02MB725628D0782290E657F4F7B1F24A9@PH0PR02MB7256.namprd02.prod.outlook.com> <BD6BB35D-8569-4275-9237-0FC44077827D@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: Apple Mail (2.3445.104.17)
X-CMAE-Envelope: MS4xfDz8eVRICBBkt86mIQcYg9SEHRdJCY0oG5MmvUzjdZOI+VdOsbi9JkYnxXkCyiH73ReKZOcyfkkityCYgEMSUCdmtxC4/ygjXoROlP3+0z446xYsK7HI WHZGyooU/RCmxKx18UrqBDeSLTLp4ticP8/g1nChc+a0QzZRd90+eIj75cAOyQInDw6ToJp/ELPbVjaNHo0b4B+4wGYQzRkLp4yD8FEiCFtYc+6gsvIeDPUa SNw/PUiys6MnC20D8vKmi6TQqi+BgXT89xnm2cICmXbIDRJVvEsGguFvDvYdPFLAKrJmCp6BDNVMJ9reoQAQfY9f8HcTVDMWG5SuCCiHm3E=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/qaflmwgcIykB48geXoI6cs873pE>
Subject: Re: [COSE] [Rats] Defining CWT, and JWT in UCCS in EAT
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2022 19:15:24 -0000
Generally agree with what you say below, Carsten.
It is partly my mistake for bringing up 8152bis. I didn’t realize 9051 and 9052 were out. I only brought it up because someone else suggested we put the CWT CDDL in a COSE document.
I believe there has been some confusion between these two:
1) The CDDL for a CWT
2) A new CDDL mechanism kinda like .cbor so that the CDDL for an encrypted COSE payload can be specified. There would be two parts to this
2a) Some additional CDDL control add-on to RFC 8610 that is not COSE-specific
2b) An add-on to the COSE spec that makes use of the new CDDL control for payload specification
To write a full tight CDDL spec for CWT, we need all off the above.
But of course the prose-based specification of COSE and CWT are perfectly fine now; the above would just allow all of it to be expressed in CDDL, rather than partly in prose and partly in CDDL.
(Seems like we’re in a transition period into the CDDL era were we are going to have a number of RFCs that add some CDDL to an existing document that isn’t fully CDDL. Some of these will be because CDDL itself is evolving. Not a bad thing, but a transition nevertheless).
LL
> On Jan 4, 2022, at 8:09 AM, Carsten Bormann <cabo@tzi.org> wrote:
>
> On 2022-01-04, at 14:02, Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> wrote:
>>
>> I absolutely would not put the CWT CDDL into RFC8152bis – it is a payload definition, and RFC8152 is nicely agnostic as to payload right now – it makes sense to keep it that way.
>
> Obviously.
>
> But before I agree with you any further, please note that we are not at liberty to put new work into the two RFCs-to-be (9051 and 9052) that used to be called RFC8152bis. These are approved documents, and they have long left the WG.
>
>> I agree with Laurence that RFC8152bis needs a way to indicate the payload type.
>
> I don’t understand this sentence, not only because RFC8152bis doesn’t really need anything (see above), but also because there is common header “content type” (label 3), which is a way to indicate the payload type.
>
> Note that CWT is reasonably well-defined (suffering only by the lack of CDDL definitions for the individual registrations, and of a CDDL framework to put these in). All we seem to be discussing is the editorial matter where to put a CDDL definition that expresses that content. We are doing this not because we “need” it, but to make it easier to exercise the well-defined extension points CWT offers.
>
> I’m not sure I understand the rest of the message given that background.
> There is no need for a CWTbis. Any document could define that CDDL, even EAT. I’d still prefer to have this CDDL text and the accompanying conventions explained in a separate document. (No, splitting that out doesn’t need to delay EAT.) Which WG gets to run the process for agreeing that document is a second-order consideration; the decision should be dominated by quality and expediency considerations (including any rechartering that may be required). There is no need to wait with writing that document while that decision is being made by the SEC ADs; we can simply discuss it by cross-posting to all candidate WGs.
>
> As a general observation, the IETF is really bad in writing up small tweaks to an existing specification that may be needed for new work unless that happens in the same WG. Another contributor to the appetite for large, long-running WGs...
>
> Grüße, Carsten
>
>
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Michael Richardson
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Carsten Bormann
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Michael Richardson
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Carsten Bormann
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Laurence Lundblade
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Jeremy O'Donoghue
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Carsten Bormann
- Re: [COSE] [Rats] Defining CWT, and JWT in UCCS i… Laurence Lundblade