Re: [Teep] JSON/JOSE vs. CBOR/COSE

Nicolae Paladi <nicolae.paladi@ri.se> Thu, 20 February 2020 14:26 UTC

From: Nicolae Paladi <nicolae.paladi@ri.se>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
CC: "teep@ietf.org" <teep@ietf.org>
Date: Thu, 20 Feb 2020 14:26:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/UwfFlmFTl7__gYp5MTxv560YiNw>


On 20 Feb 2020, at 11:16, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

Hi all,

With the impression from the Hackathon in mind I am wondering whether we should make a decision about the encoding of the TEEP protocol messages. Today, the spec allows two types of encodings, namely JSON and CBOR (with their security mechanisms).

It is obviously a pain to implement both encodings. The spec supports two encodings because the OTrP design was based on JSON / JOSE and it felt logical to “inherit” this encoding. Then, we added CBOR and COSE for use with constrained devices.

I believe we should only have one encoding.

CBOR and COSE appear to be the better choice (although I have been working on an implementation of JSON and JOSE at the Hackathon). While JSON/JOSE is easier to debug, the TEEP protocol is actually quite simple. The use of CBOR/COSE will allow us to keep the trusted computing base smaller considering that SUIT manifests as well as EAT tokens are/can be encoded in CBOR and protected by COSE.

I agree, better to focus on one format.

Best regards,
Nicolae


With this email I wanted to kick off a discussion. What do you think?

Ciao
Hannes
