IETF Logo Mail Archive

Re: [COSE] [Ace] draft-raza-ace-cbor-certificates-04.txt

Joel Höglund <joel.hoglund@gmail.com> Fri, 24 April 2020 12:01 UTC

Return-Path: <joel.hoglund@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14DF83A0AF8 for <cose@ietfa.amsl.com>; Fri, 24 Apr 2020 05:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b02YZ3wd0wIk for <cose@ietfa.amsl.com>; Fri, 24 Apr 2020 05:01:23 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDA683A0AF4 for <cose@ietf.org>; Fri, 24 Apr 2020 05:01:21 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id a8so6992284edv.2 for <cose@ietf.org>; Fri, 24 Apr 2020 05:01:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=e2rC7TQCf19UZRIt6FQjsynO4s8bBciNQIQwfn2ym4c=; b=TUuE/vbVLPGStEu7gRsT1+DjimPP21f56176jKVqj8xXyuBjqLbD1IcWHerF1F4+wD QtncbDNHcx7rFzVAzwB24bQM3dC8FfU9woqY2Yev1LRGQX56FZMSl+xiE4y06KT8ZzPU xl7d4M6K4SSBJQy0vr7Nmr/o+uim6N2A5DhXiYxeamQT4S/de8Epq/U12Mwi+LTfT3zt beIwZbsjqBdXaNqVdaZVhY0hqjIv6JjrDb0CofFipi0jY2Y7pmaoezRsNLRZQ+qWejlF pQg0W+K/HoJwHhneLbTS1xZsjjx0/vsGStvsSUs6TN+XJY4640UH0E2GluS30pxlMx0Z 8LkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=e2rC7TQCf19UZRIt6FQjsynO4s8bBciNQIQwfn2ym4c=; b=iIVp3A8OYogkhl7axlozCNF/O6iIk6SsHwfDiXGaK4rpII3+UaHK2oGOggifChUnrv sWM6PplyqBwDFbKDfT8lhrcT6qe8T9agZbqf1zes5fYi6foSFT6ndbllZ8zVHLr9Eiyc 7+2of66iVtXpCgPI6HGaGV5d07qCp7eTHZfoiCzOeQHFu31mkuONoKlPnh6maM4z2x6J eQ3w4ZLSrU2ZPJgMUZFIlwCooEEUDH/8+pGP3AzMefHfe1dDhuAByLKrU/+4oazP0UTv tyAs9aLJkjaXsTphI1PKPo1Cd6lJM3uShJ5zZRIobUMX+zx2G0N0azbyf8vqABkQeZtp 5OGQ==
X-Gm-Message-State: AGi0PuYIgp4yOamacdeEK0wNnYtoh4c9cv64BXKo/Dtk1DsPU8sgJRHZ yXn/FYuUrRhuS2o4qozK3SpOFKlrTrtZbkYIST3m7kRx
X-Google-Smtp-Source: APiQypLhtz+lzjh7u3jHKYLarHvbHad/qxS147WhBjFQtge/upmjLo75nqeeYUFdmX1BO5pPtNyUm6nhjSGDCSp4M80=
X-Received: by 2002:a50:ee0e:: with SMTP id g14mr6948822eds.34.1587729680111; Fri, 24 Apr 2020 05:01:20 -0700 (PDT)
MIME-Version: 1.0
References: <CAHszGE+s0gBKNmDky4NZLP3SO-BqosQ2FvA7HeZprv3jWFFL7g@mail.gmail.com>
In-Reply-To: <CAHszGE+s0gBKNmDky4NZLP3SO-BqosQ2FvA7HeZprv3jWFFL7g@mail.gmail.com>
From: Joel Höglund <joel.hoglund@gmail.com>
Date: Fri, 24 Apr 2020 14:01:09 +0200
Message-ID: <CAHszGEJ94aF9XA_4q-DnKzUNAtJo059zXMFcunOv8f-SG2hyvw@mail.gmail.com>
To: cose@ietf.org
Content-Type: multipart/alternative; boundary="000000000000951ad505a4081f05"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/tVBqOK78cw3O9rXbZKneexjmdBQ>
Subject: Re: [COSE] [Ace] draft-raza-ace-cbor-certificates-04.txt
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2020 12:01:26 -0000

Hi!

First a meta comment, sorry for spamming: I’m now answering to both the ACE
and the <update> COSE mailing list. If the working group chairs have
recommendations on where to keep the continued discussion I’m eager to hear.

Thank you for your review! Some answers to the questions are inline below.

> When you sign CBOR, usually it is wrapped in a bstr. This is important

> to be able to use typical CBOR encoders/decoders. This doesn’t seem

> to be the case here, at least I don’t see it in the text near the end of

> section 3.

Since this bstr wrapping has become the expected norm we agree this is a
good suggestion for an improvement with low overhead, which we will add for
the next version.

> Was any consideration given to using the COSE algorithm registry rather

> than defining a new one?

Yes, it is still work in progress to determine if the COSE algorithm
registry can accommodate the algorithms deemed useful for inclusion.

> But of most interest to me is whether the COSE was considered as the

> signing format for native CBOR certs. If COSE is used, then this looks

> almost identical to CWT and may be a native CBOR cert is a variant of

> a CWT? … …

Our starting point has been to stay close to the original X.509 format
while minimizing size. A COSE encoding would re-add some format overhead
(close to 10% for the provided example certificate). But if a COSE encoding
would help making the format accepted and used, it can definitely be
further discussed.

Once again, thank you for your comments!

and

Best Regards

Joel Höglund


*Från:* Ace <ace-bounces@ietf.org> för Laurence Lundblade <
lgl@island-resort.com>
*Skickat:* den 22 april 2020 17:23
*Till:* Ace Wg <ace@ietf.org>
*Ämne:* [Ace] draft-raza-ace-cbor-certificates-04.txt

I have a few comments / questions about
draft-raza-ace-cbor-certificates-04.txt section 6 on native CBOR certs

When you sign CBOR, usually it is wrapped in a bstr. This is important to
be able to use typical CBOR encoders/decoders. This doesn’t seem to be the
case here, at least I don’t see it in the text near the end of section 3..

Was any consideration given to using the COSE algorithm registry rather
than defining a new one?

But of most interest to me is whether the COSE was considered as the
signing format for native CBOR certs. If COSE is used, then this looks
almost identical to CWT and may be a native CBOR cert is a variant of a
CWT? One advantage of this would be reuse of some of the CWT (and EAT)
code. Some of the fields in the CBOR cert might overlap with CWT claims.
That might be a good thing.

LL




_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace

v2.23.0 | Report a Bug | By Email