Re: [stir] "rcdi" vs MIME Content-Encoding

Alec Fenichel <alec.fenichel@transnexus.com> Mon, 01 April 2024 20:29 UTC

From: Alec Fenichel <alec.fenichel@transnexus.com>
To: Ben Campbell <ben@nostrum.com>, IETF STIR Mail List <stir@ietf.org>
CC: "Peterson, Jon" <jon.peterson@transunion.com>, Chris Wendt <cwendt@somos.com>
Date: Mon, 01 Apr 2024 20:29:01 +0000
Message-ID: <SJ2PR11MB84027F8DE9935943D8652002993F2@SJ2PR11MB8402.namprd11.prod.outlook.com>
References: <E7B3FBBB-672B-4CC2-AB32-B13C7759D861@nostrum.com>
In-Reply-To: <E7B3FBBB-672B-4CC2-AB32-B13C7759D861@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/CuoG73aacX8BoYp4kkyIfoKm4jU>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

It needs to be the decoded data. At the time the rcdi is sent, the content encoding is not necessarily known. A web server may support multiple content encodings and return the best encoding supported by the client (indicated by the Accept-Encoding header). 

Sincerely, 

Alec Fenichel 
Chief Technology Officer 
TransNexus <https://transnexus.com/> 
alec.fenichel@transnexus.com <mailto:alec.fenichel@transnexus.com> 
+1 (404) 369-2407 <tel:+14043692407> 



From: stir <stir-bounces@ietf.org> on behalf of Ben Campbell <ben@nostrum.com>
Date: Monday, April 1, 2024 at 16:21
To: IETF STIR Mail List <stir@ietf.org>
Cc: Peterson, Jon <jon.peterson@transunion.com>, Chris Wendt <cwendt@somos.com>
Subject: [stir] "rcdi" vs MIME Content-Encoding 

Hi, 


In thinking about the “rcdi” hashes and RCD “icn” keys: 



What if the target has Content-Encoding? Would the “rcdi” hash be over the raw or decoded data? 



For example, let's say that I get the following headers when dereferencing the “icn” key:

Content-Type: image/svg+xml
Content-Encoding: gzip


Should the “rcdi” hash be over the compressed or uncompressed version of the data? I assume since draft-ietf-stir-passport-rcd-26 does not mention content-encoding, that the hash would be over the actual octets we get back on the wire prior to decoding. 



But I see that RFC 9399 (Certificate Logotypes), which seems like a similar-if-not-identical application, says the opposite for this specific example: 



Whether the SVG image is GZIP-compressed or uncompressed, the hash value for the SVG image is calculated over the uncompressed SVG content with canonicalized EOL characters, as specified above. 


Thoughts? 



Thanks! 



Ben.
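
An added illustration of the point made in the reply above (not part of the thread and not taken from the draft): the same resource served under different content codings produces different octets on the wire, so only a digest over the decoded data stays stable for a verifier. The SVG bytes, the function names and the use of SHA-256 hex digests are assumptions made for this sketch.

```python
import gzip
import hashlib
import zlib

# Constructed sample resource standing in for the target of an "icn" URL.
SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 8 8">'
       b'<rect width="8" height="8"/></svg>\n')


def decode_body(body: bytes, content_encoding: str = "") -> bytes:
    """Undo the codings listed in an HTTP Content-Encoding header value."""
    codings = [c.strip().lower() for c in content_encoding.split(",") if c.strip()]
    # Codings are listed in the order they were applied, so undo them in reverse.
    for coding in reversed(codings):
        if coding in ("gzip", "x-gzip"):
            body = gzip.decompress(body)
        elif coding == "deflate":
            body = zlib.decompress(body)  # HTTP "deflate" is the zlib format
        elif coding != "identity":
            # Fail closed: never hash octets we could not decode.
            raise ValueError(f"unsupported content coding: {coding}")
    return body


def digest_wire(body: bytes) -> str:
    """Digest over the octets exactly as received."""
    return hashlib.sha256(body).hexdigest()


def digest_decoded(body: bytes, content_encoding: str = "") -> str:
    """Digest over the representation after content decoding."""
    return hashlib.sha256(decode_body(body, content_encoding)).hexdigest()


def sample_responses():
    """Constructed (Content-Encoding, body) pairs one server might return."""
    return [
        ("", SVG),
        ("gzip", gzip.compress(SVG, compresslevel=1, mtime=0)),
        ("gzip", gzip.compress(SVG, compresslevel=9, mtime=1711996141)),
        ("deflate", zlib.compress(SVG)),
    ]


if __name__ == "__main__":
    for enc, body in sample_responses():
        print(f"{enc or 'identity':8} wire={digest_wire(body)[:16]} "
              f"decoded={digest_decoded(body, enc)[:16]}")
```

Two gzip responses for the same resource already differ on the wire (compression level and the timestamp in the gzip header), which is why a signer cannot predict the encoded octets in advance.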