Re: [COSE] [Rats] RAM requirements for COSE/CWT
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 21 February 2022 14:32 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "rats@ietf.org"
<rats@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Date: Mon, 21 Feb 2022 14:31:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/zFH45PtG5t_tyhGb8koMquQNlSk>

Hi Anders,

I assume you are focusing on signing the CWT (rather than also encrypting it). The size of a CWT (with relevance to RATS) is fairly small and holding the CWT in RAM is not a problem. The example in https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token-08 has 417 bytes.

I could, however, imagine writing a COSE implementation that does not require the entire CWT be held in RAM since the digital signature just covers the hash of the CWT and you can use a rolling hash.

Ciao
Hannes

-----Original Message-----
From: RATS <rats-bounces@ietf.org> On Behalf Of Anders Rundgren
Sent: Monday, February 21, 2022 7:17 AM
To: rats@ietf.org; cose@ietf.org
Subject: [Rats] RAM requirements for COSE/CWT

Pardon the cross-posting...

A pretty strange subject line, right? :)

However, there is a reality in the form of constrained devices that in order to use COSE must either turn to yucky infinite-length encoding (https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.3.1) or create the entire payload in RAM, here assuming that the exact size of the payload in bytes is not known in advance.

X.509 certificates (that were created in a time when virtually all devices were constrained) do not suffer from these problems due to their reliance on deterministic encoding, followed by a separate signature item.

A further advantage of the X.509 approach compared to COSE/CWT, is that the claims are not stuffed in a blob requiring yet another layer of decoding.

However, compared to ASN.1, CBOR is much more "RAM-friendly" since it doesn't impose a byte-length over items enclosed in a map or array. Concatenation is all you need!

I believe the time has come to seriously look into alternatives to COSE since it was "inspired" by JOSE. CBOR <<>> JSON.

This GitHub issue elaborates a bit more on this topic: https://github.com/ietf-rats-wg/eat/issues/168

Thanx,
Anders
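
The rolling-hash idea in the reply above, as an added example that is not part of either message or of any COSE library: for COSE_Sign1 the bytes that get hashed are the Sig_structure array, which wraps the payload in a length-prefixed byte string, so the digest can be fed chunk by chunk once the payload length is known. The class and function names, the constructed claims and the sizing pass that supplies the length are assumptions of this example.

```python
import hashlib

def head(major: int, n: int) -> bytes:
    """CBOR head: major type plus unsigned argument, shortest form."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("argument does not fit in a CBOR head")

def bstr(b: bytes) -> bytes:
    return head(2, len(b)) + b

def sig_prefix(protected: bytes, external_aad: bytes = b"") -> bytes:
    """Sig_structure for COSE_Sign1 up to, not including, the payload bstr."""
    context = b"Signature1"
    return (head(4, 4) + head(3, len(context)) + context
            + bstr(protected) + bstr(external_aad))

class StreamingTBS:
    """Hashes the Sig_structure while the payload arrives in pieces."""
    def __init__(self, protected: bytes, payload_len: int):
        self.left = payload_len
        # The bstr head carries the length, so it must be known up front.
        self.h = hashlib.sha256(sig_prefix(protected) + head(2, payload_len))

    def update(self, chunk: bytes) -> None:
        if len(chunk) > self.left:
            raise ValueError("more payload than announced")
        self.left -= len(chunk)
        self.h.update(chunk)

    def digest(self) -> bytes:
        if self.left:
            raise ValueError("payload shorter than announced")
        return self.h.digest()

# Constructed sample: protected header {1: -7} and a small claims map in pieces.
PROTECTED = bytes.fromhex("a10126")
CHUNKS = [b"\xa2", b"\x01" + head(3, 8) + b"device-1",
          b"\x07" + bstr(bytes(range(16)))]

def demo():
    total = sum(len(c) for c in CHUNKS)  # sizing pass (assumption of this example)
    tbs = StreamingTBS(PROTECTED, total)
    for c in CHUNKS:
        tbs.update(c)
    buffered = sig_prefix(PROTECTED) + bstr(b"".join(CHUNKS))
    return tbs.digest(), hashlib.sha256(buffered).digest()
```

The streamed digest equals the digest of the fully buffered Sig_structure, so only the hash state and one chunk need to be in RAM; the payload length still has to be fixed before the first payload byte is hashed, which is the constraint the quoted message raises.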