Re: [COSE] A couple of COSE questions

Jim Schaad <ietf@augustcellars.com> Thu, 15 June 2017 21:45 UTC


No id assignment for the algorithms yet because the draft has not gone to IANA.

 

Jim

From: Laurence Lundblade [mailto:llundbla@qti.qualcomm.com] 
Sent: Thursday, June 15, 2017 2:14 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: cose <cose@ietf.org>
Subject: Re: [COSE] A couple of COSE questions

 

Thank you Jim,

 

A few comments below.

 

 

On Jun 15, 2017, at 2:01 PM, Jim Schaad <ietf@augustcellars.com> wrote:

 

See in line comments

 

Jim

 

 

From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Laurence Lundblade
Sent: Thursday, June 15, 2017 12:58 PM
To: cose <cose@ietf.org>
Subject: [COSE] A couple of COSE questions

 

Hello I have a few questions… 

 

Registration of hash algs

There’s no assignments for hash algs (SHA-256.. SHA-512, SHA3-256…) in the IANA registry here <https://www.iana.org/assignments/cose/cose.xhtml#algorithms>. I assume this is because the COSE protocol doesn’t have a need because they are bundled up with the signing alg identifiers.  For non-COSE protocols that use CBOR and do have a need to identify a hash, would it be reasonable to add them?  The COSE registry seems like it is the place to register algorithm IDs for use in CBOR in general.  I assume the process would be to write a simple RFC, publish and then add to the registry.

 

[JLS]  Yes the reason that there are no hash algorithms is that they were not needed for any of the core COSE functions.  I am in the process of registering two hash functions as part of ietf-schaad-cose-x509.  These are a SHA-256 and a truncated SHA-256.  If you want to write up a more complete RFC for this that would be fine with me.

 

SHA-256 will do for now for me.  Do you have the value for it yet?  I don’t have time for a more general write of more algs at the moment.

Registration of tagging for COSE messages

Why isn’t there a registry section for the tags for these different COSE messages? 

   COSE_Tagged_Message = COSE_Sign_Tagged / COSE_Sign1_Tagged /
       COSE_Encrypt_Tagged / COSE_Encrypt0_Tagged /
       COSE_Mac_Tagged / COSE_Mac0_Tagged

 

[JLS] Not too sure what registry you are looking for here.  But I think you want this registry: https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml#tags

 

That’s what I was looking for.

Tagging of bstr wrapped data

It seems like it would be helpful to use an option tag on the bstr-wrapped payload for COSE_Sign and such to tell general purpose parsers and translators to remove the bstr wrapping and keep going. Tag 55799 seems like the best fit so far, but it may not be a perfect fit and it would be nice to use a tag less than 24.   

 

[JLS]  I am not sure that you would find this generically helpful.  The problem is that the parser needs to provide both the encoded version and the unencoded version if you are going to do an automatic recursion of the CBOR decoder.  You need the first in order to do the signature validation processing.  This means that there does not seem to be a real point to making the recursion occur automatically that I can see.  We have not provided all of the cues that would be needed to do a stream decode and validation at the same process ala how CMS does it (and even then there are cases where you need to go back and restart the process again).

 

I figured the answer would be along these lines. 

 

To be more clear on the use case, it seems you could have a small chunk of SW that just does signature verification, that doesn’t really understand the details of the payload.  Its output is a yes or no.   Then you use a general purpose off-the-shelf CBOR-to-JSON translator on the payload.  It only runs if the sig verification passed. 

 

LL
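
The verify-first, decode-second split discussed in this thread, as an added example that is not part of the original messages. It uses COSE_Mac0 with HMAC 256/256 (alg 5) instead of COSE_Sign1 so that it runs with the Python standard library only; the key and payload bytes are constructed, and only an empty unprotected map and byte strings shorter than 256 bytes are handled. The check runs over the payload bytes exactly as carried, which is why a decoded and re-encoded payload no longer verifies.

```python
import hashlib, hmac

PROTECTED = b"\xa1\x01\x05"   # encoded map {1: 5}: alg = HMAC 256/256

def bstr(b):
    """Encode a CBOR byte string; lengths below 256 are enough here."""
    if len(b) >= 256:
        raise ValueError("length form not handled in this example")
    return (bytes([0x40 | len(b)]) if len(b) < 24 else bytes([0x58, len(b)])) + b

def read_bstr(buf, i):
    """Read one bstr at offset i; return (content bytes, next offset)."""
    if i >= len(buf) or buf[i] >> 5 != 2:
        raise ValueError("expected bstr")
    n, i = buf[i] & 0x1F, i + 1
    if n == 24 and i < len(buf):
        n, i = buf[i], i + 1
    elif n >= 24:
        raise ValueError("length form not handled in this example")
    if i + n > len(buf):
        raise ValueError("truncated bstr")
    return buf[i:i + n], i + n

def compute_tag(payload, key):
    # MAC_structure = ["MAC0", protected, external_aad (empty), payload]
    to_mac = b"\x84" + b"\x64MAC0" + bstr(PROTECTED) + bstr(b"") + bstr(payload)
    return hmac.new(key, to_mac, hashlib.sha256).digest()

def encode_mac0(payload, tag):
    # CBOR tag 17, array(4): protected, empty unprotected map, payload, tag
    return b"\xd1\x84" + bstr(PROTECTED) + b"\xa0" + bstr(payload) + bstr(tag)

def verify_mac0(msg, key):
    """Return the payload bytes exactly as carried, or None if the MAC fails."""
    if msg[:2] != b"\xd1\x84":
        raise ValueError("not a tagged COSE_Mac0 array of 4")
    protected, i = read_bstr(msg, 2)
    if protected != PROTECTED or msg[i:i + 1] != b"\xa0":
        raise ValueError("example handles only alg 5, empty unprotected map")
    payload, i = read_bstr(msg, i + 1)
    tag, i = read_bstr(msg, i)
    if i != len(msg):
        raise ValueError("trailing bytes after COSE_Mac0")
    return payload if hmac.compare_digest(tag, compute_tag(payload, key)) else None

KEY = b"constructed-demo-key"      # constructed sample key
AS_SENT = b"\xa1\x18\x01\x02"      # {1: 2}, key 1 in a non-shortest encoding
REENCODED = b"\xa1\x01\x02"        # same map after a decode and re-encode
```

A general-purpose CBOR decoder would be handed the bytes `verify_mac0` returns, and only when the result is not `None`.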