Re: [Iot-directorate] [Last-Call] EAT profiles (was Re: Iotdir last call review of draft-ietf-rats-eat-13)
Laurence Lundblade <lgl@island-resort.com> Wed, 08 June 2022 19:28 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: iot-directorate@ietfa.amsl.com
Delivered-To: iot-directorate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C96C159482 for <iot-directorate@ietfa.amsl.com>; Wed, 8 Jun 2022 12:28:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.772
X-Spam-Level:
X-Spam-Status: No, score=0.772 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GUARANTEED_100_PERCENT=2.699, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_1GfGJfKxkJ for <iot-directorate@ietfa.amsl.com>; Wed, 8 Jun 2022 12:28:46 -0700 (PDT)
Received: from p3plsmtpa09-01.prod.phx3.secureserver.net (p3plsmtpa09-01.prod.phx3.secureserver.net [173.201.193.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DBDCC157B59 for <iot-directorate@ietf.org>; Wed, 8 Jun 2022 12:28:46 -0700 (PDT)
Received: from [192.168.1.4] ([75.80.148.139]) by :SMTPAUTH: with ESMTPA id z1K2nS6jqjToMz1K2n5vaP; Wed, 08 Jun 2022 12:26:31 -0700
X-CMAE-Analysis: v=2.4 cv=C8UsdSD+ c=1 sm=1 tr=0 ts=62a0f7e7 a=qS/Wyu6Nw1Yro6yF1S+Djg==:117 a=qS/Wyu6Nw1Yro6yF1S+Djg==:17 a=gKmFwSsBAAAA:8 a=K6EGIJCdAAAA:8 a=X1E-P2O9AUtEqUCPQtgA:9 a=QEXdDO2ut3YA:10 a=UqPUomdImjqGDRjV:21 a=_W_S_7VecoQA:10 a=nnPW6aIcBuj1ljLj_o6Q:22 a=L6pVIi0Kn1GYQfi8-iRI:22
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <9E4661C8-DFB7-4BC3-A7B5-150C774917F0@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_03FC1C97-F906-4121-A7E3-26CE15F3A20F"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Wed, 08 Jun 2022 12:26:30 -0700
In-Reply-To: <A38F37B7-2E81-451F-86BA-0A041760EB7E@tzi.org>
Cc: Eliot Lear <lear@cisco.com>, iot-directorate@ietf.org, draft-ietf-rats-eat.all@ietf.org, last-call@ietf.org, rats@ietf.org
To: Carsten Bormann <cabo@tzi.org>
References: <165443386776.35361.12898474920348394274@ietfa.amsl.com> <E267AEDE-D1DB-415B-B28F-DD78A517D27A@island-resort.com> <A38F37B7-2E81-451F-86BA-0A041760EB7E@tzi.org>
X-Mailer: Apple Mail (2.3445.104.21)
X-CMAE-Envelope: MS4xfOaVXqzQTfw1fwoExBLRiY0dFFlmXg2KqboW53HxhyPOMa7MYgJTl7Rqr6nE48c3Eb2wvlTN+7d2NzoIxgx49Bqam0+Z704CLYB/SPQdX2bvMNEVca/r CxDC7XhT958Uflqtj+8vpgy6x/xqjQM6SL2yXII7zHPA1iLNP47G86O6gytu0xwYEQZLJ7vow7cAd8byMVHrLC2nm0wOnaAZfHZoNMfsJ5aARVRVUYooEoHj RrTN9Zqz/JWJXpfLNG8MpPUZ4zrDBRVixareU1uR3UnRm1ti5dsKih9g0kkD7n090U6RQT63Re+xSciNord/QuOIKmS1i78qmsOBv+969Ts=
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/8J2le7dV4EnXPYWytOkO6r04Fjw>
Subject: Re: [Iot-directorate] [Last-Call] EAT profiles (was Re: Iotdir last call review of draft-ietf-rats-eat-13)
X-BeenThere: iot-directorate@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Mailing list for the IoT Directorate Members <iot-directorate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-directorate/>
List-Post: <mailto:iot-directorate@ietf.org>
List-Help: <mailto:iot-directorate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2022 19:28:48 -0000
Focusing in here on CBOR encoding: > On Jun 7, 2022, at 5:32 PM, Carsten Bormann <cabo@tzi.org> wrote: > > On 8. Jun 2022, at 01:26, Laurence Lundblade <lgl@island-resort.com> wrote: >> >> CBOR — RFC 8949 clearly allows for both indefinite and definite encoding. > > Indeed (after s/encoding/length encoding/). > >> If one implementation chooses one and another the other, there will not be interoperability. > > FTFY: > If one implementation inexplicably chooses only to accept one of them, there will not be interoperability with generators that generate the other. > > Don’t do that, unless there is a very specific reason not to. > (One specific reason may be where you need deterministic encoding — there a decision has been made to only allow definite length encoding.) > > Generic implementations accept both length encodings. > I can’t imagine an implementation that can handle the complexity of EAT but not the complexity of both length encodings. I can. The decoding of indefinite length strings requires a memory allocator or some strategy to coalesce string chunks. The COSE payload, which must be hashed, could be many independent string chunks. COSE header parameter values could be lots of string chunks. However you do the coalescing or processing, it is going to be more code and it is something people may not always implement. My t_cose implementation of COSE doesn’t support indefinite length strings yet. > > This subject is normally not visible to CBOR users because CBOR implementations simply implement both. It’s true that many CBOR implementations are able to decode both definite and indefinite length encodings. That may or may not translate to all receivers of EAT, CWT and COSE being able to decode both because the decoder APIs for indefinite are sometimes different from definite and for the need of things like string chunk coalescing. However, this is about hard specification in the EAT document, not about what’s commonly implemented. If we want the EAT standard to give 100% guaranteed interoperability, the EAT document would have to be 100% specific about requirements for use of definite and indefinite lengths. Do we want to do that in EAT? > On Jun 7, 2022, at 10:14 PM, Eliot Lear <lear@lear.ch> wrote: > Hi Laurence, > > Every point you made below is something that could have been addressed, if necessary, using the MUSTs and SHOULDs Toerless discussed. As I wrote earlier, the most absurd case of this is whether a nonce is an array or a single object. You have several easy choices to avoid that: either say that it can be both, or simply require an array. Thomas and I have gone back and forth about the length of the nonce. Was there any discussion or objection to simply limiting the size of the nonce, as described in the PSA profile? > We certainly could say, "all decoders of EAT MUST support definite and indefinite length encoding” and get 100% interoperability on this issue. Or we can say “all EAT encoders MUST produce only definite length encoding”. None of the CBOR-based protocols I know of (CWT, COSE, CoSWID, SenML) specify this. It is not the practice today. The specification of these protocols thus does not 100% guarantee interoperability. As Toeless says, "As you say, This is not specific to this draft, but IMHO applies to all similar cases of profiles, and yes, the IETF has not been particularily good about it…" Should EAT be the first? I don’t think so for the reasons that these two encoding options were created in the first place. If we require decoders to support both, then we handicap decoders on small devices. If we require encoders to support only definite length, we handicap encoders on small devices. Attestation is definitely something we want to support on constrained devices. That said, on the CBOR definite/indefinite length issue I might be happy to go along with a consensus for “MUST…”, but not on crypto algorithms. For example, I do not think this EAT draft should say “a receiver MUST implement all of ES256, ES384 and ES512 and the sender MUST restrict themselves to only these algorithms.” I think this would cripple the security of the EAT standard long term because it can’t adapt as algorithms evolve. We shouldn't make this with a MUST in the EAT draft for the same reason COSE and CWT didn’t. We could address much of this with a MUSTs in an IETF standardized EAT profile. I’ve thought about starting work on one. MUST is OK in an EAT profile because there can be more than one over time as crypto changes and such. LL
- [Iot-directorate] Iotdir last call review of draf… Eliot Lear via Datatracker
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Eliot Lear
- Re: [Iot-directorate] Iotdir last call review of … Thomas Fossati
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Eliot Lear
- Re: [Iot-directorate] Iotdir last call review of … Eliot Lear
- Re: [Iot-directorate] [Rats] Iotdir last call rev… Thomas Fossati
- [Iot-directorate] EAT profiles (was Re: Iotdir la… Laurence Lundblade
- Re: [Iot-directorate] [Last-Call] EAT profiles (w… Carsten Bormann
- Re: [Iot-directorate] EAT profiles (was Re: Iotdi… Toerless Eckert
- Re: [Iot-directorate] EAT profiles (was Re: Iotdi… Eliot Lear
- Re: [Iot-directorate] [Last-Call] EAT profiles (w… Laurence Lundblade
- [Iot-directorate] Segmented strings (Re: [Rats] [… Carsten Bormann
- Re: [Iot-directorate] [Rats] EAT profiles (was Re… Anders Rundgren
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Laurence Lundblade
- Re: [Iot-directorate] [Rats] Segmented strings (R… Eliot Lear
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Carsten Bormann
- Re: [Iot-directorate] Segmented strings (Re: [Rat… Laurence Lundblade
- Re: [Iot-directorate] [Last-Call] Segmented strin… Martin J. Dürst
- Re: [Iot-directorate] [Last-Call] Segmented strin… Jeremy O'Donoghue
- Re: [Iot-directorate] [Last-Call] Segmented strin… Carsten Bormann
- Re: [Iot-directorate] [Cbor] [Last-Call] Segmente… Henk Birkholz
- Re: [Iot-directorate] [Last-Call] Segmented strin… Laurence Lundblade
- Re: [Iot-directorate] [Rats] [Last-Call] Segmente… Anders Rundgren
- Re: [Iot-directorate] [Rats] [Last-Call] Segmente… Thomas Fossati