IETF Logo Mail Archive

[Rats] Re: I-D Action: draft-ietf-rats-ear-04.txt

Thomas Fossati <thomas.fossati@linaro.org> Mon, 08 June 2026 12:47 UTC

Return-Path: <thomas.fossati@linaro.org>
X-Original-To: rats@mail2.ietf.org
Delivered-To: rats@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B9C6EFD54A91 for <rats@mail2.ietf.org>; Mon, 8 Jun 2026 05:47:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780922848; bh=lDo4++7pm25nTjYt3EBbwmP9GC/Ac+ZcnI9QFYlYer8=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=dIK4ktz5P3YjGL8EgmJGFZCRLBbcavzJBLJ0XQfTFdNwzuKXwLoWfPOiry08zwFFY NHH0W8WIg5fTKpXJsfUn86PGZzF/6ciXSdRs+Bm3axWUrc0456Q5mMpT0mx1Gk6Mln rh2dXxGzoT9izVKGmQ+wBmpqXbeY9cqMVRlS/jpg=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=linaro.org
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pt55rTAl_Lh for <rats@mail2.ietf.org>; Mon, 8 Jun 2026 05:47:28 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 23FB1FD5493B for <rats@ietf.org>; Mon, 8 Jun 2026 05:46:27 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-5aa7a7ad475so4267954e87.1 for <rats@ietf.org>; Mon, 08 Jun 2026 05:46:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1780922780; cv=none; d=google.com; s=arc-20240605; b=YbXu17Kp95Q/qL7ELlIQI8BasKo9n4wb+MGIcr92gBqqwh+xHi10dOcO+ltw9t9WmT TNPLV7fH7XSGVwXAJNv64gpmQoGurvXUxZ/bOeSH195MvT2kK8ml1mWIokauYlJGjdTc m+gKDTNu3mcvaGkNkg6oc3VjYmr8CYYtGi94KIHNl8dpX+oWfbtC132g8Z/3HLt/b2td Eq20kVsbo/BYN4G8+xBwDejhXdTLvMQg4mY7Ie/XxdaYwyBtLejTqULntCL3bowCU1OH 09PY/jH0WZHbEwN2uCQyJ1igxTYYh5bcDVwl4H8oS7m3d6MWRqjdHYZGigDt4Kls95SC dh0g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=UZarSfp2c8Mt7DV1LrKua7nghe9MGdAf3VOIQL7g7qE=; fh=FJlcPpejgIU3T0y0HmIN2rfoDJpfvFnweQoosSOVCGc=; b=RQTQivDCfk4rU4osLpOoUWp+d7qb2fEocuunYrmc9j25Lg+3f7TNfjhYCZcgDr/Zhe zYBqykOe0t3Alr/g7CfUshiG35TN0olF6LTTq36x9uhhGpxt92w4mehzb12C2xwrHgQr VEm1ktBtfURtFnxb4Kiwk4g3G/iBYnQi73V5vDW5/UJ93KGT9oQ+0deRZJOG4nntV1zV dZrplE/qJmLNpWnxWnf0Vx77UKc9Nc/1uYW+hgl29IJqsyDwZaHwPpT2LSvz4+XYehtq 0Lhk4vsndBQYyMz8AfqlvZynLuyZrp8m8ZIgZSIck5p6DKMnmF3sAAXA8WIynQZY9xg+ 2mhg==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1780922780; x=1781527580; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UZarSfp2c8Mt7DV1LrKua7nghe9MGdAf3VOIQL7g7qE=; b=CSCpgviT/O1NPSjHloZ0W8zoFAl5IPCBih7MotMrSdtYAk5V7J8NC4sL6jeSmuYMp5 fjDs5ootA8K8YFBSLmuO8e0vTrq+r2yJGkq0855695mf1V2Zd50dm/lYQ/UL5NjjqkSw 1jCV3C9dxtMRIPLHkdFNENAis0JYfbs6i0c0u1hnUEzH2QpSCLm91UZLEppI/SfJ+Ipl JtF1LSTMpsHQg5HXrT+ZoJoELKVRQLkBLzOrpgXKluzW8z8fi15swFaoCdDXPQHV1nl0 BoK6QrCK6zcqPE+qVkOw75xDBwaU90QX2+7eX0K/C5A31otk0C6g3qe29/CXOCG3QrWj Upag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780922780; x=1781527580; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=UZarSfp2c8Mt7DV1LrKua7nghe9MGdAf3VOIQL7g7qE=; b=PK0pcXAxYg6HarPtGPwjtkDoxD7yuZvirE3bieZh4nf5mIk9aJmC+uSe/Tpgv1k+H6 wwcOX92pLvb4vJMVaHF+8Wy2LZuW+kIAfT4g0kUVLvJzDKfR1d3wnFyY0CaErczVXGGm 2B0M4srcLrAzxSgWG2+sw9MdzuSQptJS4dZbNJdh5PgQPIYfU6UWdU7WT0RtGf9jWCxm fURPew6+BO5U2H8g18p66KahirQ8l3joJsl4zFZ1jHH2BBj1Ibr1e+nWKsQYl/lgi5XY 3SqFaF9Mf4Kp+GpPes60gsqfM/saIBI1XGFt/A+gxaugerWFemNgJSj0UKHrc0GpDphO xy9A==
X-Gm-Message-State: AOJu0YzwqAawFK/GyOg6Evr3eLjZwcc5jLPZ/M7VY75gt4abJPHv3Qb+ srlWBs56ZJNLVALzCqONn8GHEYOLvR8cnRb+IYM27N6LO4pjH9q2GIOiOC1CmeRp3wj+v6g2y+n bNGoJoJWpHtMSd+Hxpa7KhZd0vO9+S6s0ZfHO3Nir8g==
X-Gm-Gg: Acq92OHXmhOJp1wDMUVEag0pd6ynTJ0TYLlKzYFoujcQCqH5ZJUA31cnzth0yOaHY2k qtl9gyL0oK4FDawsXzkwfUNxdM/TC90aUTdFL9DWOOWqbvIuWVV3IusvOl4bBX7kIvrgWN5Gsb4 FJ53IwDiZ+lWiImVQ636Gas/Fbbf5vwpziUhgAYNagpOebZ83oayxZfUocwuV+N3B2p1ueY9dvZ 3fmOe5G5R8/etZKPBX8gYNQSikOHFsaX8WRbv/0gxsUFkfMmTPVLkaDoR+1jpDIpxjfrKth7Zig yuTHcZwOAzXMDqtmjfAE8gRqHUO4g0I7kbRMuJrffdYQfHGnw37+OqUCcDPnXeXZwpWdWS5yGRk 574WcKu22OSnaUQOF7UPjWNCJl+OOjT2mpAU3GYWWHUPsHsjWdLcNdJx7A0ez7ErxsXVtiIBDRB rawy60EH8W+MJTqdDMINs=
X-Received: by 2002:a05:6512:3f09:b0:5aa:7126:c645 with SMTP id 2adb3069b0e04-5aa87b69ffdmr4522495e87.2.1780922779497; Mon, 08 Jun 2026 05:46:19 -0700 (PDT)
MIME-Version: 1.0
References: <177979461501.860642.12102997924387917673@dt-datatracker-5b4c8598b5-4ztf9> <CA+1=6ycGS0_aWN2QS0NekBc5G+02M8h3buhado90rrwgvFsM-Q@mail.gmail.com> <14c17207-95ba-391a-f05c-180c6de66666@ietf.contact> <CA+1=6yfrNaqQUnMuQMo9XCYOqa_7K34eS+59+wsU3eJRfErONg@mail.gmail.com> <1971324.1779996819@dyas> <CA+1=6ydMA4-M1hsvYedH8qOsPmoF4HRsaGunCppsxU7T7yx86Q@mail.gmail.com> <11839.1780168291@obiwan.sandelman.ca> <CAHxYnaP9xgGO3RJ32uRC764QW5nUfspGwc+Wwp5YaopsuLGaag@mail.gmail.com>
In-Reply-To: <CAHxYnaP9xgGO3RJ32uRC764QW5nUfspGwc+Wwp5YaopsuLGaag@mail.gmail.com>
From: Thomas Fossati <thomas.fossati@linaro.org>
Date: Mon, 08 Jun 2026 14:46:00 +0200
X-Gm-Features: AVVi8CfEzDQ4UrckRq2XfE5ohn2TlgAv29mkiT6_5i375GeL8DiVhmoD4Z1aNHA
Message-ID: <CA+1=6yf4dV06SSyO3nyH7o_X639-vgHPL5nzS_Fe5gijyxUHjw@mail.gmail.com>
To: Nathanael Ritz <nathanritz@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: 5OYKCLLLEJGX3HBYPEQGBFU2MWRDWEJ3
X-Message-ID-Hash: 5OYKCLLLEJGX3HBYPEQGBFU2MWRDWEJ3
X-MailFrom: thomas.fossati@linaro.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: rats@ietf.org, Henk Birkholz <henk.birkholz@ietf.contact>, Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: I-D Action: draft-ietf-rats-ear-04.txt
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/o05dqCY7OhHrAnJIqFuLoQlJ61g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>

hi Nathanael,

On Mon, 8 Jun 2026 at 10:52, Nathanael Ritz <nathanritz@gmail.com> wrote:
> [...]
> How much extra burden will adding COSE_Key support create compared to the performance gains at large scales? Is throughput performance a factor here

I don't think performance/size is a critical criterion here.  (At
least not in the scenario I am familiar with.)
Note also that we can't introduce COSE_Key without also introducing
JWK because of the double encoding of EAR/EAT.
This means that, besides the RP having to support two (albeit pretty
similar) key formats (instead of one, SPKI), the encoding overhead
cannot always be minimal.

> or is it more about someone with COSE whatever support already at hand feeling annoyed 5 years from now when they have to maintain tooling to parse a legacy SPKI formatted key?

I don't think RFC 7468 encodings will be considered legacy anytime soon.
There is simply too much infrastructure that relies on those.
And therefore, I do not think the associated tooling will become
unmaintained in the foreseeable future.

This is one case where "old/ancient" has a positive connotation, as it
implies universal support across all crypto stacks.
Unfortunately, the same can't be said for JWKs, let alone COSE_keys.

> I think Henk has already provided other parallel examples of work that supports COSE_Key, but does the WG have implementation feedback on how much they like or don't like having to provide support?
>
> Do we have any further data here beyond (with deep apologies) "implementation ergonomics philosophy", for lack of a better term?

We can easily compare the encoding overhead, which I believe would
show COSE_KEY << JWK < PEM, at least for raw public keys. (When cert
and cert chains come into the picture, the delta would be less
conspicuous.)
And/or we could build a feature support checklist across crypto
stacks, which I believe would show the exact opposite result.
Would taking the time to compile those help us make a decision?  What
would we learn that we don't already know?

cheers, t

v2.46.0 | Report a Bug | By Email | System Status