Re: [COSE] Key identifier of type bstr / int
Orie Steele <orie@transmute.industries> Mon, 21 March 2022 13:55 UTC
From: Orie Steele <orie@transmute.industries>
Date: Mon, 21 Mar 2022 08:54:57 -0500
Message-ID: <CAN8C-_+3sWckZKo7KS2fsPU4pBHo+NNGgQpxg7p8LytFX01eEw@mail.gmail.com>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Cc: Laurence Lundblade <lgl@island-resort.com>, "cose@ietf.org" <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/rFXbINxOKk_jVn-NC8U4c2ao6GQ>

I am a -1 to changing `kid`, it should remain a string, for compatibility with existing key identifier systems. Including ones that support https://datatracker.ietf.org/doc/html/rfc7638#section-1

See the original definition: https://datatracker.ietf.org/doc/html/rfc7517#section-4.5

> The "kid" value is a case-sensitive string.

Many implementations have built hard dependencies on RFC7515.

One of the nicest things about JOSE / COSE is being able to "upgrade" from JOSE to COSE.

Having a significant difference between `kid` in JOSE and COSE would be harmful.

If we really need an integer version of `kid` I would suggest following the `jti / cti` convention and calling it `ckid`... keeping it optional (as is the convention), and ensuring it is not part of thumbprint computations.

Regards,

OS

On Mon, Mar 21, 2022 at 8:35 AM Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:

> Hi Laurence,
>
> Thanks for copying in the old thread. As noted, you and others preferred `kid` as bstr / int rather than `kid2` as int when we discussed it last time. Would be good to come out with a more solid motivation this time so we can converge on this :-)
>
> With `kid2` as int, the fields that use both bstr and int would be of type `kid` / `kid2` which is fine.
>
> There is an algorithm for translation from CBOR bstr / int to byte strings on the wire (back and forth) in draft-ietf-core-oscore-edhoc.
>
> Göran
>
> *From:* COSE <cose-bounces@ietf.org> on behalf of Laurence Lundblade <lgl@island-resort.com>
> *Date:* Monday, 21 March 2022 at 14:14
> *To:* Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
> *Cc:* cose@ietf.org <cose@ietf.org>
> *Subject:* Re: [COSE] Key identifier of type bstr / int
>
> Thinking about Mike’s comment today in COSE/Vienna about backwards compatibility. Looked at my code around this. That definitely seems like an issue.
>
> What about defining “kid2” as just int? “kid” stays as bstr only. Then there’s no backwards compatibility break. Adding support for another integer parameter isn’t difficult. The downside is a little extra code to look at two different parameters.
>
> You’d probably want to say that only one of the two kids MUST be present.
>
> Another random idea — could you say that it is allowed to translate an integer kid to a bstr kid by assuming network byte order and stripping leading zeros?
>
> LL
>
> On Aug 13, 2021, at 3:01 AM, Laurence Lundblade <lgl@island-resort.com> wrote:
>
> Understood about the use case. Thx for the background.
>
> On Aug 10, 2021, at 3:13 AM, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org> wrote:
>
> Assume that we do want to allow key identifiers to be CBOR ints in certain settings, what is the best (least intrusive) way to allow this while still maintaining compatibility with 'kid's supporting the type bstr? Another alternative to what has been listed below is to define 'kid2' to only be of type int - is that a better option?
>
> I didn’t write actual code to check, but they are about the same to me.
>
> ‘kid’ as int/bstr seems less confusing to me than ‘kid2’. It tells you it does exactly the same thing whether it is an int or a bstr.
>
> So my pick is ‘kid’, but ‘kid2’ is OK too.
>
> LL

--
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries <https://www.transmute.industries>
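
The integer-to-bstr translation floated in the quoted text above (network byte order, leading zeros stripped), as an added example that is not part of the original thread, of any COSE draft, or of the draft-ietf-core-oscore-edhoc algorithm. The function names and the sample key store are hypothetical; the sketch shows that integer kids land in the same namespace as existing bstr kids, and that bstr kids with a leading zero byte have no integer form.

```python
from __future__ import annotations

def int_kid_to_bstr(kid: int) -> bytes:
    """Big-endian (network byte order) bytes with leading zeros stripped."""
    if kid < 0:
        # Assumption: the idea in the thread does not cover negative CBOR ints.
        raise ValueError("negative kid has no defined byte-string form")
    return kid.to_bytes((kid.bit_length() + 7) // 8, "big")  # 0 maps to b""

def bstr_kid_to_int(kid: bytes) -> int | None:
    """Inverse mapping; None when no integer produces these bytes."""
    if kid[:1] == b"\x00":
        return None  # a leading zero byte is stripped by the forward mapping
    return int.from_bytes(kid, "big")

def lookup(store: dict[bytes, str], kid: int | bytes) -> str | None:
    """Resolve a kid against a store keyed by bstr, normalising int kids first."""
    key = int_kid_to_bstr(kid) if isinstance(kid, int) else bytes(kid)
    return store.get(key)

# Constructed sample store: three existing bstr kids, one of them ASCII text.
SAMPLE_STORE = {
    b"\x01": "key-A",
    b"\x00\x01": "key-B",   # distinct bstr kid that no integer can address
    b"11": "key-C",         # text-style kid; the same bytes as integer 12593
}

def demo() -> dict[str, str | None]:
    return {
        "int 1": lookup(SAMPLE_STORE, 1),
        "bstr 00 01": lookup(SAMPLE_STORE, b"\x00\x01"),
        "int 12593": lookup(SAMPLE_STORE, 12593),
        "int 2": lookup(SAMPLE_STORE, 2),
    }

if __name__ == "__main__":
    for label, key_name in demo().items():
        print(f"{label:>12} -> {key_name}")
```
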