Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 11 March 2022 12:45 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Anders Rundgren
<anders.rundgren.net@gmail.com>, Laurence Lundblade <lgl@island-resort.com>
CC: Tobias Looker <tobias.looker@mattr.global>, "cose@ietf.org" <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/t61vvbpJk2pLe8NDpejJ7LHEF8I>
Hi Mike,

maybe you can give examples of where this feature is used in JWTs, which would explain why you want to have it in CWTs as well.

Ciao
Hannes

From: Mike Jones <Michael.Jones@microsoft.com>
Sent: Thursday, March 3, 2022 6:02 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Anders Rundgren <anders.rundgren.net@gmail.com>; Laurence Lundblade <lgl@island-resort.com>
Cc: Tobias Looker <tobias.looker@mattr.global>; cose@ietf.org
Subject: RE: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

We are *definitely* not attempting to change anything about COSE message processing, including how encryption is done. We are defining an additional header parameter that can be used – that’s it.

-- Mike

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Thursday, March 3, 2022 1:45 AM
To: Anders Rundgren <anders.rundgren.net@gmail.com>; Laurence Lundblade <lgl@island-resort.com>; Mike Jones <Michael.Jones@microsoft.com>
Cc: Tobias Looker <tobias.looker@mattr.global>; cose@ietf.org
Subject: RE: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

Hi Anders,

Thanks for jumping in. The example you provide below is actually quite interesting and related to a question I posted to the list a few days ago (see https://mailarchive.ietf.org/arch/msg/cose/9nowDz5kbfUvrGR-o6U1Tm31XAA/).

I am not sure whether the intention of Tobias & Mike is actually to re-define the way how encryption is accomplished. They should confirm.

Ciao
Hannes

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Sent: Thursday, March 3, 2022 8:39 AM
To: Laurence Lundblade <lgl@island-resort.com>; Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Tobias Looker <tobias.looker=40mattr.global@dmarc.ietf.org>; cose@ietf.org
Subject: Re: [COSE] Newly Submitted Draft - CBOR Web Token (CWT) Claims in COSE Headers

On 2022-03-02 19:33, Laurence Lundblade wrote:
> Makes sense to me. Helps out for the EAT claim named “profile” which gives information about the type of the token you might want before fully verifying it. Addresses an issue Anders brought up about the profile claim.

Not so fast :)

I brought up a bunch of things which can be illustrated by this (just implemented...) example of an encryption object:

    211(["https://example.com/myobject", {
      / COSE content encryption algorithm = A256GCM /
      1: 3,
      / Key encryption container /
      2: {
        / COSE Key encryption algorithm = ECDH-ES+A256KW /
        1: -31,
        / Key identifier /
        3: "mykey",
        / Ephemeral key /
        5: {
          / COSE Key type = OKP /
          1: 1,
          / COSE Curve = X25519 /
          -1: 4,
          / COSE X coordinate /
          -2: h'33a04b83d4428824b6d5477522d4a88fac4441122bc46136c0203faa308c3929'
        },
        / Encrypted key /
        10: h'e08977c25aeccaecd63b3367de2e2b8f700c82e098ad1e5099d9db510920ccff14debf820427e4ba'
      },
      / Tag /
      8: h'59a84826983e3247fbec4295f75cc138',
      / IV /
      9: h'fd8556c122cff2bc128d5119',
      / Encrypted data /
      10: h'e16b16c29da5163eb0131dd1f10f080f8850f55df2ae9d89a3b839ad50952858445f290dfb60'
    }])

The core of this builds on Deterministic CBOR which unleashes the true power of CBOR in a way legacy solutions do not.

The enhancements include:

* Eliminating wrapping of header and (unencrypted) application data.
* Using the entire container (modulo the algorithm output variables which are added lastly) as input to a signature process and to the authentication part of an encryption process. In the example that includes the top-level CBOR tag as well.

cryptoOperation(cborObject.encode()) is all that it takes on the encoder's side.

This is pretty much what the X.509 folks have been doing from the very start so there is close to zero innovation here 😁

In the example I have also used a URL as profile/object type indicator since IANA CBOR custom tag 1537244 or whatever you end up with, simply isn't pretty enough :) To be more serious: URLs are decentralized and would in this context probably be browseable as well.

Cheers,
Anders

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
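
The approach described in the quoted message from Anders Rundgren (deterministically encode the whole container, top-level tag included, with the algorithm output left out, and feed those bytes to the crypto operation) can be sketched as follows. This is an added example, not code from the thread or from any participant's implementation. HMAC-SHA256 stands in for cryptoOperation, and the choice of label 8 for the output, the helper names and the sample fields are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_LABEL = 8  # assumption: label that receives the algorithm output

class Tag:
    """A CBOR tag (major type 6) wrapping one value."""
    def __init__(self, number, value):
        self.number, self.value = number, value

def _head(major, n):
    """Shortest-form initial byte(s) for a major type and argument."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << 8 * struct.calcsize(fmt):
            return bytes([major << 5 | info]) + struct.pack(fmt, n)
    raise ValueError("argument does not fit in 64 bits")

def encode(x):
    """Deterministic CBOR for the types used in the thread's example."""
    if isinstance(x, bool):
        raise TypeError("unsupported type")
    if isinstance(x, int):
        return _head(0, x) if x >= 0 else _head(1, -1 - x)
    if isinstance(x, bytes):
        return _head(2, len(x)) + x
    if isinstance(x, str):
        return _head(3, len(x.encode())) + x.encode()
    if isinstance(x, list):
        return _head(4, len(x)) + b"".join(encode(i) for i in x)
    if isinstance(x, dict):  # keys sorted by their encoded bytes
        pairs = sorted((encode(k), encode(v)) for k, v in x.items())
        return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)
    if isinstance(x, Tag):
        return _head(6, x.number) + encode(x.value)
    raise TypeError("unsupported type")

def authenticated_bytes(tag, type_url, fields):
    """Encode the whole container, top-level tag included, minus the output."""
    body = {k: v for k, v in fields.items() if k != MAC_LABEL}
    return encode(Tag(tag, [type_url, body]))

def seal(key, tag, type_url, fields):
    """Add the MAC over the container as the last step (encoder side)."""
    data = authenticated_bytes(tag, type_url, fields)
    return {**fields, MAC_LABEL: hmac.new(key, data, hashlib.sha256).digest()}

def verify(key, tag, type_url, fields):
    """Strip the output field, re-encode, and compare in constant time."""
    data = authenticated_bytes(tag, type_url, fields)
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, fields.get(MAC_LABEL, b""))
```

Because map keys are ordered by their encoded bytes, the verifier reproduces the same input bytes no matter how the sender's library ordered the map, and a change to the tag number or the type URL invalidates the MAC.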