IETF Logo Mail Archive

Re: [Teep] JSON/JOSE vs. CBOR/COSE

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 25 February 2020 08:41 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72C293A0A28 for <teep@ietfa.amsl.com>; Tue, 25 Feb 2020 00:41:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_BTC_ID=0.499, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=aSLidAcQ; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=aSLidAcQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VsRLW8yCfJns for <teep@ietfa.amsl.com>; Tue, 25 Feb 2020 00:41:17 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2056.outbound.protection.outlook.com [40.107.20.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6234E3A0A26 for <teep@ietf.org>; Tue, 25 Feb 2020 00:41:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fa8glmfm6Z7pv6KXVZb/4+SbMGxA7r/8UVjVtHiikuM=; b=aSLidAcQIOVKtJTfzRptRbWP7szOpQOcXIa4/Yu5tUd+AYQm/24FW1IRgtTIf8Oy3U8sdmu/kTrHJgUtVnzdkrGqLU31dZwIVNSsQAeI/enNHcov0+K+hVxrHtxLGRO3oW3TmDlWVhV7kyAMJ7HZl1tCdgr4FpGkav4qrKmmlig=
Received: from DB6PR0801CA0066.eurprd08.prod.outlook.com (2603:10a6:4:2b::34) by VI1PR08MB3182.eurprd08.prod.outlook.com (2603:10a6:803:46::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.21; Tue, 25 Feb 2020 08:41:09 +0000
Received: from VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::204) by DB6PR0801CA0066.outlook.office365.com (2603:10a6:4:2b::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.18 via Frontend Transport; Tue, 25 Feb 2020 08:41:09 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT018.mail.protection.outlook.com (10.152.18.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.17 via Frontend Transport; Tue, 25 Feb 2020 08:41:09 +0000
Received: ("Tessian outbound da94dc68d1bb:v42"); Tue, 25 Feb 2020 08:41:08 +0000
X-CR-MTA-TID: 64aa7808
Received: from 40a49c48ba13.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 76453575-BEA3-4DAA-9DEC-893054FEB131.1; Tue, 25 Feb 2020 08:41:03 +0000
Received: from EUR03-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 40a49c48ba13.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 25 Feb 2020 08:41:03 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y3LIklCntMoTWMlA3Z63Q2So20eA+lfWmD1o5DkgSiP+Hkt15vx5NUywrH21yCn7BcZnN8CM1wJoq1/1PfxR+EVvXm7ogaB5hH89sOGEwIXUh90No02PDx2tCf5NBonwMwodZVLnKCrcr6WcAJ5bfPKxP5SyKvfrAokcTetWc1gVn92iQG/PN6KlX5EsHdRPq4a3SDHNFsKoAUa8/fo1oupwjHApqfZ9SSMxc4EpBkm9GCYpsw9NQow3xTwvflEHlWKqVIPhSh5H8koQzMeZ6TTwO6QZhj1l3xOd1EH7iIvxjIesvOP38pI7HmL/U9rzVkC35KcB6kbiHuLa4Q+eCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fa8glmfm6Z7pv6KXVZb/4+SbMGxA7r/8UVjVtHiikuM=; b=XZUsDN6H1D9hjh49boalIll/Fv2je32KSDSQ4vwcBHmKjYfuwLTHf7ZSrd6jJ17SSJtNpv6gnp5oenQBlSx3m0sTSNa0PQqyRqfC1Igq/lcYCnWIXV25iB8HU3s4x6Hm1h6BOL7OoCmEQNWLQyyvqZpH5C5ZS+XhBe7iFbr3xAfvSB7LpDeiP38LPiUmQbzxA+kjTFZsigE7lWaB4GEcXNxW3LJGkioYzh1VJgVkXMddLtmqYncg4y2aGx6QPl3z8ng51ZJaIPWIzsP5sZ98+3A7VMeSLK7yDcrUpL0YN80hgBgLbzneMhle83YsiYpBHKOEpuEn+Dt8KuMLUuBv5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fa8glmfm6Z7pv6KXVZb/4+SbMGxA7r/8UVjVtHiikuM=; b=aSLidAcQIOVKtJTfzRptRbWP7szOpQOcXIa4/Yu5tUd+AYQm/24FW1IRgtTIf8Oy3U8sdmu/kTrHJgUtVnzdkrGqLU31dZwIVNSsQAeI/enNHcov0+K+hVxrHtxLGRO3oW3TmDlWVhV7kyAMJ7HZl1tCdgr4FpGkav4qrKmmlig=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (20.178.23.205) by AM0PR08MB5345.eurprd08.prod.outlook.com (52.132.215.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.18; Tue, 25 Feb 2020 08:41:02 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::2159:870b:25df:e612%5]) with mapi id 15.20.2750.021; Tue, 25 Feb 2020 08:41:02 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: 塚本明 <akira.tsukamoto@aist.go.jp>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Konda Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com>, Nicolae Paladi <nicolae.paladi@ri.se>, teep <teep@ietf.org>, Mingliang Pei <mingliang.pei=40broadcom.com@dmarc.ietf.org>
Thread-Topic: [Teep] JSON/JOSE vs. CBOR/COSE
Thread-Index: AdXn1SQGDdHEa7ViTNKpyKZllFqBSgAJI/6AAAYjxoAAIjYkoAAAP/GAAJ2ZMRUAABCIgAAAupMAAAB3apAAAD2igAAnk3MAAAATWVA=
Date: Tue, 25 Feb 2020 08:41:02 +0000
Message-ID: <AM0PR08MB3716F0D0FD2649B22EFC787FFAED0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM6PR08MB37181998F4E68A7F6BCC8110FA130@AM6PR08MB3718.eurprd08.prod.outlook.com> <59627424-2BE9-4E52-8F57-B7853D71023C@ri.se> <CABDGos7T5rjN4qHUyg_ptC+uB4gEjY26pe3=Z+Kky-LG5gkHDQ@mail.gmail.com> <CY4PR1601MB125438E2058280B86B32F650EA120@CY4PR1601MB1254.namprd16.prod.outlook.com> <a16d028a-43cf-bb5f-f21c-e26315280a2c@sit.fraunhofer.de> <CACuRN0O44V6HCUoRMjYdiz+yU=TykR89Qxsy5BifPfES_wkxkQ@mail.gmail.com> <CACuRN0PDevvPt6AkwgtBu2LhHBDbCZT490jkyQ8CjUNHKutN3g@mail.gmail.com> <AM0PR08MB371658433A963F30E53D5B16FAEC0@AM0PR08MB3716.eurprd08.prod.outlook.com> <e7b36f1d-67da-e072-1d93-4e05808cf4f3@sit.fraunhofer.de> <AM0PR08MB3716E3D68398FC3BA4A08D4DFAEC0@AM0PR08MB3716.eurprd08.prod.outlook.com> <74f54d9a-9590-3a13-abb0-f88ce575f61d@sit.fraunhofer.de> <d7bea679-02be-d27e-b540-704325f8eeb8@aist.go.jp>
In-Reply-To: <d7bea679-02be-d27e-b540-704325f8eeb8@aist.go.jp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 7f246be0-10e6-40c4-b392-ee16dca908bd.1
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [156.67.195.207]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 3b32ecfd-e3e5-4f0c-46d8-08d7b9ce7646
X-MS-TrafficTypeDiagnostic: AM0PR08MB5345:|VI1PR08MB3182:
X-Microsoft-Antispam-PRVS: <VI1PR08MB31824B8EE768ED18773CF6C9FAED0@VI1PR08MB3182.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
x-forefront-prvs: 0324C2C0E2
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10001)(10009020)(4636009)(39860400002)(366004)(376002)(396003)(346002)(136003)(199004)(189003)(8936002)(966005)(186003)(81166006)(4326008)(30864003)(33656002)(7696005)(76116006)(26005)(86362001)(8676002)(81156014)(71200400001)(110136005)(478600001)(66446008)(64756008)(52536014)(6506007)(9686003)(54906003)(53546011)(55016002)(66556008)(5660300002)(66476007)(66946007)(316002)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB5345; H:AM0PR08MB3716.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: j+rbK0/eqQqlGAnBokIG3Z50sTd0aYewnLRJFQMvN8CEwUfr7zM1CqygpO0ja2NGxdxYNbWq6ojN8gO4JV/MYoosuEgEi1Mg6Dsl0qMSwYxpCuBmi5O5hVY1jNWChx0UUWKe2zp2PdXO/4Lqwamn/1YcosWXup3dwKyUwFO6koRvD5RyZedZ5PbQidJDFes67dWY4bZ+IjW/+7KQX1pOFLETfSqwufOx41GrpMPHh1TPza+RiIghdWV/dum3b3IKfWSGrVoG9udMNZc0kiqy4dUiI7/k6Nz/oBSE+jpM7NPCy8I8BGgVOLOubm6HXa2mBIwLvh6r2pY3W/fnocmPYJlNvNDnpZsuRrTk7YCk4p+38u7poClTghH9qF2lciJqtonThB1QJVo+pEDT+BmZ2H2vu05mxJ1OgCJyhe7bwF1mcwWZ/dFB09EwQWJDV/6l+4rJPmdQoEIWH+5K8Dahz7lN27ZS58K+CuOrh+PdMKRyMibk1LTewBmSG/j4uxZ4Q8xFKtmErpLwKlZP4OvZO61gE7hiydE0dKWmZWo6R7FvRoXGu3rOvPA3HaAXlQzaPWpRIeWM5vR8dqv2bKpbe8JDmR9qYW3o1kt0FOYYih16JWJMMh7aab5Oxmqb+Iri
x-ms-exchange-antispam-messagedata: Y2mNgsbQmWh7DZtMIUhrr0S3/T0tkxlqlunznhCSb1jXvI/4zutbnhntadbylEueo215I2mLz39gL4Wx7/qdk0h/GkWlhV0xNP9nU1rxLovvhM3S0D1uevKMoqwnzF9Y7WCCgmKoK4XmDfqS71ELOQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB5345
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10001)(10009020)(4636009)(376002)(346002)(39860400002)(136003)(396003)(189003)(199004)(53546011)(2906002)(7696005)(86362001)(356004)(52536014)(81156014)(30864003)(5660300002)(478600001)(336012)(70586007)(81166006)(4326008)(26826003)(8936002)(8676002)(966005)(55016002)(186003)(6506007)(36906005)(33656002)(26005)(9686003)(70206006)(316002)(54906003)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR08MB3182; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Pass; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; MX:1; A:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: b689a2ee-c03c-40d3-35d5-08d7b9ce7237
X-Forefront-PRVS: 0324C2C0E2
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ZkHmxhGPqJgJQY8gKgxGjuGdk9GcDx9q/VyOo2pMNM5EvdphDyQAizzbcMr3a3nmpIq21qTFu2ziom+L2JaMSt5gl1qdbRBl13/WpwJi7AZZFH/C1+pLWzgyM21Ww2jUjMTDwMgEPX26oYpIzZfpvon/NuX4zDQ80mq93NQLDm9iGx9Y6srsMqLJdI9EsLRu50LR7NHOL7umASYzzqAHISisip4nqfZFzJLg/jhBqmPooVP57PyrhlCjNjVn+FPgjX0KG6Rj95ObkTsEgvZCHLpKD1mQsTmZ+YwP/GEs8ejigYtsu72nxuO245Fj7OGOUomQFEtHspCFDw5bmGAtL0dDO1s/oATxvzTiCf2oNXOktCn1aVLu48VIEwg0sM+WP/yEk8gPx/J3Roe4oWEAC7bhCi0cUK/aiJM6kF04Nr2G9Js/qbnJdr4engxKu8t+b5sudZhIc7tTs5WMWcVJ6WzBwlNQiSuzS4rQ/rAtnD/LRtzzCTz3CfAKj46aWn8zczOdqES/SfUIbxaIV486BMcAEJTqBXUoYqlwEnSsph8CBiI3CkDx7OGrJ9vUP5BrtV2mt9rhDclZzzEDo+sh0+5PxGfLIqaYczZ1AMcjxN+YsZigmGalG0sN7ckaNXKQ
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2020 08:41:09.3912 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3b32ecfd-e3e5-4f0c-46d8-08d7b9ce7646
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3182
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/rDwZfGlPBqmIytF5ahImRyZxSwA>
Subject: Re: [Teep] JSON/JOSE vs. CBOR/COSE
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2020 08:41:22 -0000

I believe it is fine for anyone to start coding the messages in JSON for a prototype, as we did at the Hackathon, but another thing to describe two encodings in the spec. This does create a fair amount of interoperability problems later on. FWIW I am going to change my code to CBOR/COSE

-----Original Message-----
From: 塚本明 <akira.tsukamoto@aist.go.jp>
Sent: Tuesday, February 25, 2020 9:37 AM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>; Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Konda Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com>; Nicolae Paladi <nicolae.paladi@ri.se>; teep <teep@ietf.org>; Mingliang Pei <mingliang.pei=40broadcom.com@dmarc.ietf.org>
Subject: Re: [Teep] JSON/JOSE vs. CBOR/COSE


On 2020/02/24 22:44, Henk Birkholz wrote:
> Yes, absolutely. +4 on all four points.
>
> I just wanted to highlight Akira's comment that was:
>
> On 24.02.20 07:09, Akira Tsukamoto wrote:
>> I would prefer having the current implementation started on JSON to
>> be finished and fill out the details in the spec for what we have discussed during the Hakathon.
>
> This approach would deduct from the benefits that were illustrated in this thread. I am not in favor of this approach, but there might be necessities that I am unaware of?

I am not sure which is beneficial or not, but I just did not see comments for the teep draft from the implementation perspective from who have tried CBOR on teep at the moment, so I felt that being able to start early with JSON was a good thing.

Also, during the hackathon at Berlin, we did have a code to show the contents of teem messages in the sources but at the end we had to use WireShark to debug when we could not figure out why it is giving some of the parsing errors for received message, so having text representation in the binary packet helped the prototyping.

I am ok for CBOR only after everything is smoothed out, just wanted to make things forward.

-Akira

>
> Viele Grüße,
>
> Henk
>
>
> On 24.02.20 08:39, Hannes Tschofenig wrote:
>> My idea was to use
>> * CDDL to describe the protocol messages (as it is already done in the spec).
>> * the CBOR diagnostic format for examples.
>> * CBOR for the over-the-wire encoding.
>> * COSE as the security-wrapper for the protocol messages.
>>
>> I believe this is also inline with your thinking. Correct?
>>
>> -----Original Message-----
>> From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>> Sent: Monday, February 24, 2020 2:24 PM
>> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Akira Tsukamoto
>> <akira.tsukamoto@gmail.com>
>> Cc: Konda Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com>;
>> Mingliang Pei <mingliang.pei=40broadcom.com@dmarc.ietf.org>; Nicolae
>> Paladi <nicolae.paladi@ri.se>; teep <teep@ietf.org>
>> Subject: Re: [Teep] JSON/JOSE vs. CBOR/COSE
>>
>> Hi all,
>>
>> while I am of course in favor of using cbor-diag, please mind that
>> would be a CBOR instance example. In general, the message structure (that the cbor-diag is an example of) should be illustrated (or specified, depending on the nature of the document) in CDDL.
>>
>> I do not object to start with JSON and then finalizing with CBOR only, in principle. The only caveat here is that a lot of the benefits by using CBOR only that were highlighted in this thread are lost for the most part of the way, if you start with JSON.
>>
>> Viele Grüße,
>>
>> Henk
>>
>> On 24.02.20 08:12, Hannes Tschofenig wrote:
>>> Thanks, Akira.
>>>
>>> If we decide to only use CBOR/COSE for the TEEP protocol then the draft becomes simpler. It still make sense to put examples with CBOR diagnostic format into the draft. That's something we should certainly do.
>>>
>>> I am pushing for a decision about this topic because
>>> * the draft needs to be updated in time for the IETF submission
>>> deadline,
>>> * the reference implementations need to progress, and
>>> * making a decision gives us clarity about the direction we are heading.
>>>
>>> For the reference implementation I am wondering whether it makes sense to re-use QCBOR and an enhanced version* of t_cose. Hackathon participants were quite impressed with QCBOR and t_cose.
>>>
>>> Ciao
>>> Hannes
>>>
>>> *: I am speaking about an enhanced version because t_cose implements
>>> only verifying digital signatures. The sign functionality is missing.
>>> (At least that's my understanding.)
>>>
>>> -----Original Message-----
>>> From: Akira Tsukamoto <akira.tsukamoto@gmail.com>
>>> Sent: Monday, February 24, 2020 2:01 PM
>>> To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>>> Cc: Konda Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com>;
>>> Mingliang Pei <mingliang.pei=40broadcom.com@dmarc.ietf.org>; Nicolae
>>> Paladi <nicolae.paladi@ri.se>; Hannes Tschofenig
>>> <Hannes.Tschofenig@arm.com>; teep <teep@ietf.org>
>>> Subject: Fwd: [Teep] JSON/JOSE vs. CBOR/COSE
>>>
>>> I mistakenly dropped many addresses when I pressed button gmail, this is resend which I sent to Henk only.
>>>
>>>>           On 20 Feb 2020, at 11:16, Hannes Tschofenig
>>>>           <Hannes.Tschofenig@arm.com
>>>> <mailto:Hannes.Tschofenig@arm.com>>
>>>>           wrote:
>>>>
>>>>           With the impression from the Hackathon in mind I am
>>>> wondering
>>>>           whether we should make a decision about the encoding of
>>>> the TEEP
>>>>           protocol messages. Today, the spec allows two types of
>>>>           encodings, namely JSON and CBOR (with their security mechanisms).
>>>>
>>>>           It is obviously a pain to implement both encodings. The
>>>> spec
>>>>           supports two encodings because the OTrP design was based
>>>> on JSON
>>>>           / JOSE and it felt logical to “inherit” this encoding.
>>>> Then, we
>>>>           added CBOR and COSE for use with constrained devices.
>>>>
>>>>           I believe we should only have one encoding.
>>>>
>>>>           CBOR and COSE appear to be the better choice (although I
>>>> have
>>>>           been working on an implementation of JSON and JOSE at the
>>>>           Hackathon). While JSON/JOSE is easier to debug the TEEP
>>>> protocol
>>>>           is actually quite simple. The use of CBOR/COSE will allow
>>>> us to
>>>>           keep the trusted computing base smaller considering that
>>>> SUIT
>>>>           manifests as well as EAT tokens are/can be encoded in
>>>> CBOR and
>>>>           protected by COSE.
>>>
>>> The Hackathon at  Berlin was really productive and thanks.
>>>
>>> I personally do not mind if the protocol spec becomes having only CBOR/COSE and drop JSON/JOSE.
>>>
>>> I think we have two discussion on this topic, one is completing the draft and other is whether the TAM implementation must support support both CBOR and JSON.
>>>
>>> It is very good to have some kind of reference implementation of
>>> TEEP along side with the spec draft, so I would prefer having the current implementation started on JSON to be finished and fill out the details in the spec for what we have discussed during the Hakathon.
>>>
>>> The sequences of TEEP in JSON which I was wroking on at the Hackathon are still not mature.
>>> https://github.com/ietf-teep/teep-protocol/issues/7
>>> The suit representation is not there yet either.
>>>
>>> These are the links I would like to reflect on the draft before the next IETF hackathon.
>>> https://github.com/ietf-teep/architecture/issues/151
>>> https://github.com/ietf-teep/teep-protocol/issues/6
>>> https://github.com/ietf-teep/teep-protocol/issues/5
>>> https://github.com/ietf-teep/teep-protocol/issues/4 <- we had
>>> conclusion at the Hakathon on this
>>>
>>> Otherwise I am bit concerned many people having different interpretation from reading the draft and many implementation suffering interoperability.
>>> Once the details is addressed in the JSON then having CBOR representation in the spec is fine.
>>> The cbor-diag tool mentioned by Carsten at the other thread is great.
>>> It is good if somebody starts CBOR implementation in the time being.
>>>
>>> My thought was that switching to CBOR only and no JSON now for the
>>> Hackathon is that the TAM side is possible to talk CBOR relatively easy since there is "npm install cbor" to use cbor library with javascript, but for the implementation on TEEP device side, there are cn-cbor and tiny-cbor for c language which is not so easy for try and error and changing the message formats while the draft is also moving.
>>>
>>> The other topic of requiring the TAM to support both JSON and CBOR in the draft, I do not feel that it should have to support both.
>>> TAM talking otrp with json or/either teep with cbor is fine for me.
>>>
>>> -Akira
>>>
>>> On Fri, Feb 21, 2020 at 6:49 PM Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
>>>>
>>>> Hi Tiru,
>>>>
>>>> I'd stay in the scope of CBOR and use cbor-diag. As cbor-diag can
>>>> be directly translated into CBOR data items, that is the notation I
>>>> am working with on a daily basis.
>>>>
>>>> If needed, a JSON data item can be derived from cbor-diag quite easily.
>>>>
>>>> Viele Grüße,
>>>>
>>>> Henk
>>>>
>>>> On 21.02.20 04:43, Konda, Tirumaleswar Reddy wrote:
>>>>> The protocol draft can discuss either CBOR to JSON conversion or
>>>>> diagnostic notation discussed in
>>>>> https://tools.ietf.org/html/rfc7049#section-6 to ease debugging.
>>>>>
>>>>> -Tiru
>>>>>
>>>>> *From:* TEEP <teep-bounces@ietf.org> *On Behalf Of * Mingliang Pei
>>>>> *Sent:* Thursday, February 20, 2020 10:52 PM
>>>>> *To:* Nicolae Paladi <nicolae.paladi@ri.se>
>>>>> *Cc:* Hannes Tschofenig <Hannes.Tschofenig@arm.com>; teep@ietf.org
>>>>> *Subject:* Re: [Teep] JSON/JOSE vs. CBOR/COSE
>>>>>
>>>>> *CAUTION*:External email. Do not click links or open attachments
>>>>> unless you recognize the sender and know the content is safe.
>>>>>
>>>>> ------------------------------------------------------------------
>>>>> --
>>>>> ----
>>>>>
>>>>> I agree we move forward TEEP protocol with one mandatory format:
>>>>> CBOR / COSE, and focus on specifying only one for now. Thanks,
>>>>> Ming
>>>>>
>>>>> On Thu, Feb 20, 2020 at 6:26 AM Nicolae Paladi
>>>>> <nicolae.paladi@ri.se <mailto:nicolae.paladi@ri.se>> wrote:
>>>>>
>>>>>
>>>>>
>>>>>           On 20 Feb 2020, at 11:16, Hannes Tschofenig
>>>>>           <Hannes.Tschofenig@arm.com
>>>>> <mailto:Hannes.Tschofenig@arm.com>>
>>>>>           wrote:
>>>>>
>>>>>           Hi all,
>>>>>
>>>>>           With the impression from the Hackathon in mind I am
>>>>> wondering
>>>>>           whether we should make a decision about the encoding of
>>>>> the TEEP
>>>>>           protocol messages. Today, the spec allows two types of
>>>>>           encodings, namely JSON and CBOR (with their security mechanisms).
>>>>>
>>>>>           It is obviously a pain to implement both encodings. The
>>>>> spec
>>>>>           supports two encodings because the OTrP design was based
>>>>> on JSON
>>>>>           / JOSE and it felt logical to “inherit” this encoding.
>>>>> Then, we
>>>>>           added CBOR and COSE for use with constrained devices.
>>>>>
>>>>>           I believe we should only have one encoding.
>>>>>
>>>>>           CBOR and COSE appear to be the better choice (although I
>>>>> have
>>>>>           been working on an implementation of JSON and JOSE at
>>>>> the
>>>>>           Hackathon). While JSON/JOSE is easier to debug the TEEP
>>>>> protocol
>>>>>           is actually quite simple. The use of CBOR/COSE will
>>>>> allow us to
>>>>>           keep the trusted computing base smaller considering that
>>>>> SUIT
>>>>>           manifests as well as EAT tokens are/can be encoded in
>>>>> CBOR and
>>>>>           protected by COSE.
>>>>>
>>>>>       I agree, better to focus on one format.
>>>>>
>>>>>       Best regards,
>>>>>
>>>>>       Nicolae
>>>>>
>>>>>
>>>>>
>>>>>           With this email I wanted to kick-off a discussion. What
>>>>> do you
>>>>>           think?
>>>>>
>>>>>           Ciao
>>>>>
>>>>>           Hannes
>>>>>
>>>>>           IMPORTANT NOTICE: The contents of this email and any
>>>>> attachments
>>>>>           are confidential and may also be privileged. If you are
>>>>> not the
>>>>>           intended recipient, please notify the sender immediately
>>>>> and do
>>>>>           not disclose the contents to any other person, use it
>>>>> for any
>>>>>           purpose, or store or copy the information in any medium.
>>>>> Thank
>>>>>           you. _______________________________________________
>>>>>           TEEP mailing list
>>>>>           TEEP@ietf.org <mailto:TEEP@ietf.org>
>>>>>           https://www.ietf.org/mailman/listinfo/teep
>>>>>
>>>>> <https://clicktime.symantec.com/3MSsiXmEmb2Dwfb5s7ZBbYv7Vc?u=https
>>>>> %3 A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fteep>
>>>>>
>>>>>       _______________________________________________
>>>>>       TEEP mailing list
>>>>>       TEEP@ietf.org <mailto:TEEP@ietf.org>
>>>>>
>>>>> https://clicktime.symantec.com/3MSsiXmEmb2Dwfb5s7ZBbYv7Vc?u=https%
>>>>> 3A %2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fteep
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> TEEP mailing list
>>>>> TEEP@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/teep
>>>>>
>>>>
>>>> _______________________________________________
>>>> TEEP mailing list
>>>> TEEP@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/teep
>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>> confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>>
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>
>
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
> https://www.ietf.org/mailman/listinfo/teep
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email