IETF Logo Mail Archive

Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Carsten Bormann <cabo@tzi.org> Fri, 04 March 2022 07:08 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4FEC3A0DF9 for <cose@ietfa.amsl.com>; Thu, 3 Mar 2022 23:08:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pxJMlBgZ0_Cu for <cose@ietfa.amsl.com>; Thu, 3 Mar 2022 23:08:05 -0800 (PST)
Received: from gabriel-smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [134.102.50.15]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 864313A0DB1 for <cose@ietf.org>; Thu, 3 Mar 2022 23:08:04 -0800 (PST)
Received: from [192.168.217.118] (p5089ad4f.dip0.t-ipconnect.de [80.137.173.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4K8zTG6FlbzDCbM; Fri, 4 Mar 2022 08:08:02 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <f4dd91ee-b6e1-2dd4-abaa-21e75b3106b1@gmail.com>
Date: Fri, 4 Mar 2022 08:08:02 +0100
Cc: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@arm.com>, Laurence Lundblade <lgl@island-resort.com>, Tobias Looker <tobias.looker@mattr.global>
X-Mao-Original-Outgoing-Id: 668070482.31543-b7696f25acf03ad794f73f04d771e4c1
Content-Transfer-Encoding: quoted-printable
Message-Id: <9E9D10FB-54D6-499C-918B-DA6E7D9E1CF1@tzi.org>
References: <SY4P282MB1274BCAC469DFE3B7284DFB29D039@SY4P282MB1274.AUSP282.PROD.OUTLOOK.COM> <DBBPR08MB5915A5EE40B555A4953E7BA0FA039@DBBPR08MB5915.eurprd08.prod.outlook.com> <SJ0PR00MB10050EBE6EAB4E80584A31B9F5039@SJ0PR00MB1005.namprd00.prod.outlook.com> <280EEA8E-67E4-4E7A-94A6-8C0A60048F81@island-resort.com> <36e34eb7-ee20-3644-4383-1c3f72279fc3@gmail.com> <DBBPR08MB59154C935195F0ADEFD0EC4BFA049@DBBPR08MB5915.eurprd08.prod.outlook.com> <SJ0PR00MB10051A6A8F8D3C9F87896899F5049@SJ0PR00MB1005.namprd00.prod.outlook.com> <f4dd91ee-b6e1-2dd4-abaa-21e75b3106b1@gmail.com>
To: "cose@ietf.org" <cose@ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/qfVk431r61qmZxIub0tkMjIFsjs>
Subject: Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2022 07:08:09 -0000

On 2022-03-04, at 07:54, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> - Collect key and algorithm data from the authorization signature object.
> - Save and Remove FIDO "authenticatorData" and FIDO "signature" from the CBOR container.  

This is what we called the “transform” in the beloved XMLDSig.
The complexities of this step can be the basis of interesting vulnerabilities (or interoperability failures).

> - Set "authorizationData" = re-serialized CBOR container.

(Using deterministic serialization.
Fortunately, that works much better in CBOR than in other serialization formats.)

> - Verify signature using ("authenticatorData" || sha256(authorizationData) as signed data.

Now you have verified a signature as applied to the transformed data.
COSE differs in design by signing the actual data as interchanged.
(This is not as expensive to do in CBOR as in serialization formats that cannot efficiently encode byte strings, i.e., binary data.)

Grüße, Carsten

v2.8.7 | Report a Bug | By Email