Re: [COSE] Key identifier of type bstr / int

Göran Selander <goran.selander@ericsson.com> Mon, 21 March 2022 17:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/rCeCq6M7EEX1lwAOk6L2GdOpI7A>

Hi Orie,

Thanks for the input. I didn't get the proposal though:

> If we really need an integer version of `kid` I would suggest following the `jti / cti` convention and calling it `ckid`... keeping it optional (as is the convention), and ensuring it is not part of thumbprint computations.

RFC 7517/7519: kid and jti value are case-sensitive strings

RFC 8152/8392: kid and cti value are CBOR bstr

Is there any difference between a `ckid` which is CBOR int or a `kid2` which is a CBOR int (besides the name)?

Thanks
Göran


From: Orie Steele <orie@transmute.industries>
Date: Monday, 21 March 2022 at 14:55
To: Göran Selander <goran.selander@ericsson.com>
Cc: Laurence Lundblade <lgl@island-resort.com>, cose@ietf.org <cose@ietf.org>
Subject: Re: [COSE] Key identifier of type bstr / int
I am a -1 to changing `kid`; it should remain a string, for compatibility with existing key identifier systems.

Including ones that support https://datatracker.ietf.org/doc/html/rfc7638#section-1

See the original definition: https://datatracker.ietf.org/doc/html/rfc7517#section-4.5

> The "kid" value is a case-sensitive string.

Many implementations have built hard dependencies on RFC7515.

One of the nicest things about JOSE / COSE is being able to "upgrade" from JOSE to COSE.

Having a significant difference between `kid` in JOSE and COSE would be harmful.

If we really need an integer version of `kid` I would suggest following the `jti / cti` convention and calling it `ckid`... keeping it optional (as is the convention), and ensuring it is not part of thumbprint computations.

Regards,

OS



On Mon, Mar 21, 2022 at 8:35 AM Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:
Hi Laurence,

Thanks for copying in the old thread. As noted, you and others preferred `kid` as bstr / int rather than `kid2` as int when we discussed it last time. Would be good to come out with a more solid motivation this time so we can converge on this  :-)

With `kid2` as int, the fields that use both bstr and int would be of type `kid` / `kid2`, which is fine.

There is an algorithm for translation from CBOR bstr / int to byte strings on the wire (back and forth) in draft-ietf-core-oscore-edhoc.

Göran


From: COSE <cose-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
Date: Monday, 21 March 2022 at 14:14
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Cc: cose@ietf.org <cose@ietf.org>
Subject: Re: [COSE] Key identifier of type bstr / int
Thinking about Mike’s comment today in COSE/Vienna about backwards compatibility. Looked at my code around this. That definitely seems like an issue.

What about defining “kid2” as just int? “kid” stays as bstr only. Then there’s no backwards compatibility break. Adding support for another integer parameter isn’t difficult. The downside is a little extra code to look at two different parameters.

You’d probably want to say that only one of the two kids MUST be present.

Another random idea — could you say that it is allowed to translate an integer kid to a bstr kid by assuming network byte order and stripping leading zeros?

LL




On Aug 13, 2021, at 3:01 AM, Laurence Lundblade <lgl@island-resort.com> wrote:

Understood about the use case. Thx for the background.

On Aug 10, 2021, at 3:13 AM, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:

Assume that we do want to allow key identifiers to be CBOR ints in certain settings. What is the best (least intrusive) way to allow this while still maintaining compatibility with 'kid's supporting the type bstr? Another alternative to what has been listed below is to define 'kid2' to only be of type int - is that a better option?

I didn’t write actual code to check, but they seem about the same to me.

‘kid’ as int/bstr seems less confusing to me than ‘kid2’. It tells you it does exactly the same thing whether it is an int or a bstr.

So my pick is ‘kid’, but ‘kid2’ is OK too.

LL

_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose


--
ORIE STEELE
Chief Technical Officer
www.transmute.industries
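An added example (my own code, not from the draft, the RFCs or any poster in this thread) that puts Laurence's "network byte order, strip leading zeros" translation of an int kid beside a mapping of the kind Göran says draft-ietf-core-oscore-edhoc specifies, where an int kid travels as its CBOR encoding and a bstr kid as its value. The second mapping is my construction and its match to the draft's normative rule is an assumption; the function names (`kid_to_wire`, `wire_to_kid`, `is_unambiguous_kid`) and the sample identifiers are mine. It shows what a receiver can and cannot reverse in each scheme, which is the compatibility question the thread is circling.

```python
# Added example for this thread (not code from the draft, the RFCs or any
# poster): two ways of carrying a key identifier that may be either a CBOR int
# or a CBOR bstr as one byte string on the wire, and a check of which of them
# a receiver can reverse without ambiguity.


def cbor_encode_int(n: int) -> bytes:
    """Deterministic (shortest-form) CBOR encoding of an int, major type 0 or 1."""
    major, value = (0, n) if n >= 0 else (1, -1 - n)
    if value < 24:
        return bytes([(major << 5) | value])
    for ai, length in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if value < (1 << (8 * length)):
            return bytes([(major << 5) | ai]) + value.to_bytes(length, "big")
    raise ValueError("integer too large for a CBOR int")


def cbor_decode_int(data: bytes):
    """Return the int if `data` is exactly one shortest-form CBOR int, else None."""
    if not data:
        return None
    major, ai = data[0] >> 5, data[0] & 0x1F
    if major not in (0, 1):
        return None
    if ai < 24:
        value, rest = ai, data[1:]
    elif ai in (24, 25, 26, 27):
        length = 1 << (ai - 24)
        if len(data) < 1 + length:
            return None
        value, rest = int.from_bytes(data[1:1 + length], "big"), data[1 + length:]
        # Reject non-shortest encodings so every int has exactly one accepted form.
        if value < 24 or (length > 1 and value < (1 << (4 * length))):
            return None
    else:
        return None
    if rest:
        return None
    return value if major == 0 else -1 - value


def int_kid_to_bstr_network_order(n: int) -> bytes:
    """Laurence's idea from the thread: big-endian bytes, leading zeros stripped.
    One-way only: negative ints have no form, 0 becomes the empty string, and
    int 256 lands on the same bytes as the bstr h'0100', so a receiver that
    only handles bstr must treat the two as the same identifier."""
    if n < 0:
        raise ValueError("negative int kids have no network-byte-order form")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


# My construction of a back-and-forth translation of the kind Göran refers to:
# an int kid travels as its CBOR encoding, a bstr kid travels as its value.
# Assumption: the draft's normative rule may differ in detail.

def kid_to_wire(kid) -> bytes:
    return cbor_encode_int(kid) if isinstance(kid, int) else bytes(kid)


def wire_to_kid(wire: bytes):
    """Prefer the int reading whenever the bytes are exactly one CBOR int."""
    n = cbor_decode_int(wire)
    return n if n is not None else wire


def is_unambiguous_kid(kid) -> bool:
    """A bstr whose value parses as a CBOR int (e.g. h'05') would be read back
    as the int 5, so the bstr form has to be forbidden for such values."""
    return isinstance(kid, int) or cbor_decode_int(bytes(kid)) is None


def round_trips(kid) -> bool:
    return wire_to_kid(kid_to_wire(kid)) == kid


if __name__ == "__main__":
    # Constructed sample identifiers, not values from the thread.
    samples = [0, 5, 23, 24, 256, -1, -25, b"", b"\x05", b"\x01\x00", b"\x00\xff"]
    for kid in samples:
        print(f"{kid!r:14} wire={kid_to_wire(kid).hex() or '(empty)':10} "
              f"round_trips={round_trips(kid)} unambiguous={is_unambiguous_kid(kid)}")
```

Running it shows the trade-off: the network-order translation is simple but collapses int 256 and bstr h'0100' (and 0 and the empty bstr) onto the same wire bytes, so it only works if the receiver never needs to know which type was sent; the CBOR-encoding mapping is reversible, but only once bstr identifiers whose value happens to be a valid CBOR int are ruled out, which is exactly the kind of restriction a spec has to state.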