IETF Logo Mail Archive

Re: [Yot] questions concerning sid value assignments

peter van der Stok <stokcons@xs4all.nl> Wed, 21 February 2018 08:29 UTC

Return-Path: <stokcons@xs4all.nl>
X-Original-To: yot@ietfa.amsl.com
Delivered-To: yot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70BDA12E889 for <yot@ietfa.amsl.com>; Wed, 21 Feb 2018 00:29:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KHDxhi625FyZ for <yot@ietfa.amsl.com>; Wed, 21 Feb 2018 00:29:41 -0800 (PST)
Received: from lb1-smtp-cloud7.xs4all.net (lb1-smtp-cloud7.xs4all.net [194.109.24.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F66612E883 for <yot@ietf.org>; Wed, 21 Feb 2018 00:29:40 -0800 (PST)
Received: from webmail.xs4all.nl ([IPv6:2001:888:0:22:194:109:20:195]) by smtp-cloud7.xs4all.net with ESMTPA id oPmVeCTno3A62oPmVeaj1U; Wed, 21 Feb 2018 09:29:39 +0100
Received: from AMontpellier-654-1-186-134.w92-145.abo.wanadoo.fr ([92.145.165.134]) by webmail.xs4all.nl with HTTP (HTTP/1.1 POST); Wed, 21 Feb 2018 09:29:39 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Content-Transfer-Encoding: 7bit
Date: Wed, 21 Feb 2018 09:29:39 +0100
From: peter van der Stok <stokcons@xs4all.nl>
To: Michel Veillette <Michel.Veillette@trilliant.com>
Cc: consultancy@vanderstok.org, Michael Richardson <mcr+ietf@sandelman.ca>, yot@ietf.org, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, Kent Watsen <kwatsen@juniper.net>
Organization: vanderstok consultancy
Reply-To: consultancy@vanderstok.org
Mail-Reply-To: consultancy@vanderstok.org
In-Reply-To: <BN6PR06MB23084AE32829AFCE40B1A9359ACF0@BN6PR06MB2308.namprd06.prod.outlook.com>
References: <faa44e95aa561876f119edc7358fd118@xs4all.nl> <26096.1518551413@obiwan.sandelman.ca> <9e0d297ad888a36e16921d10873cc947@xs4all.nl> <BN6PR06MB23082D66ED7486BDA002B1DBFEF50@BN6PR06MB2308.namprd06.prod.outlook.com> <eaccba06f07bc88eac32285fb8880f06@xs4all.nl> <22cc48128046319c662c116bcc39d761@xs4all.nl> <8136.1519064595@obiwan.sandelman.ca> <541bb64fbea71cf95ab50caadcf37a60@xs4all.nl> <BN6PR06MB23084AE32829AFCE40B1A9359ACF0@BN6PR06MB2308.namprd06.prod.outlook.com>
Message-ID: <bb2544af8c7375f44f915f14d2727787@xs4all.nl>
X-Sender: stokcons@xs4all.nl
User-Agent: XS4ALL Webmail
X-CMAE-Envelope: MS4wfEt5eE2q6GEjuSVbiPJoVv58ZBz98Q5ksxXK/GhFlDZ60oZz8CKUoXqIrrsyCDRGX/asjvyZNKM192aMybh+KEcxlxLn80UDIhbz/rZCT9sVKtZZYE0g rH/my/O2n+G+vohcAUr6wn1iKlSAML+7EN7dNX2oqnS4FWIbmDSTqdO1cH/EKsgM8G65xHmCW0z190NFQzroBuDHOgb3mtPIA5qK9lLmcdW697sE0USWhhkX JmvMXeJvif8Xwbr5Tbpx+vhXrPmrbbytEE0HyyX6yEKFiZff6FRpme0CW3UKNziRdbNZL89ZMVsJGM4bqzlsx7qRexhlq3h66D3Xy2TIc4TqvayIz/U6u0yK H54MXjV9XvoVJOBC9VDl60mWNq4+zw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/yot/SCtF_pQO9YgnwBu2DLY_-b7QKmI>
Subject: Re: [Yot] questions concerning sid value assignments
X-BeenThere: yot@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Yang of Things <yot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yot>, <mailto:yot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yot/>
List-Post: <mailto:yot@ietf.org>
List-Help: <mailto:yot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yot>, <mailto:yot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 08:29:43 -0000

Hi Michel,

see below

Michel Veillette schreef op 2018-02-20 16:47:
> Hi Peter, Hi Michael
> 
> In my previous email, I forgot to highlight the errors for the
> cwt-voucher encoding.
> 
> When the augment is on the 'voucher-artifac' template, the 'voucher'
> container is not redefined, the original definition, path and SID
> apply.
> Only the "pinned-domain-subject-public-key-info" leaf is part of the
> augment and get specific SID assigned to it.
> 
> The encoding should be:
> {
>   1001001: {
>     +2 : "2016-10-07T19:31:42Z",  / SID = 1001003, created-on /
>     +4 : "2016-10-21T19:31:42Z",  / SID = 1001005, expires-on /
>     +1 : "verified",              / SID = 1001002, assertion /
>     +10 : "JADA123456789",        / SID = 1001011, serial-number /
>     +5 : h'01020D0F',             / SID = 1001006, idevid-issuer /
>     +8 : h'01020D0F',             / SID = 1001009, pinned-domain-cert /
>     +3 : true,                    / SID = 1001004,
> domain-cert-revocation-checks /
>     +6 : "2017-10-07T19:31:42Z",  / SID = 1001007, last-renewal-date /
>     +30 : h'01020D0F'             / SID = 1001031,
> pinned-domain-subject-public-key-info /
>   }
> }
> 
> This corrected encoding probably reinforce your current conclusion
> (This is an argument to not re-using the values.)

(RIGHT)
To be sure:
The correct encoding (many thanks for doing this) is only in conjunction 
with YANG CBOR draft.
If you do not expect inter-operability problems with the voucher, an 
alternative encoding with the same resultant values is OK. (for example 
not using the h'number' encoding but just a bsd64 encoding also 
supported by CBOR)

Cheerio,

Peter
> 
> Regards,
> Michel
> 
> -----Original Message-----
> From: peter van der Stok [mailto:stokcons@xs4all.nl]
> Sent: Tuesday, February 20, 2018 3:40 AM
> To: Michael Richardson <mcr+ietf@sandelman.ca>
> Cc: consultancy@vanderstok.org; yot@ietf.org; Michel Veillette
> <Michel.Veillette@trilliant.com>; Panos Kampanakis (pkampana)
> <pkampana@cisco.com>; Kent Watsen <kwatsen@juniper.net>
> Subject: Re: questions concerning sid value assignments
> 
> 
> Michael Richardson schreef op 2018-02-19 19:23:
>> peter van der Stok <stokcons@xs4all.nl> wrote:
>>     > I created an example for myself by heart. Can you see if my
>> memory is still
>>     > correct?
>> 
>>     > I assume a server with one voucher module and one cwt-voucher
>> module;
>>     > The augment with grouping is used for SID allocation.
>>     > The diagnostic notation is used for CBOR.
>> 
>> Cool...
>> 
>>     > {
>>     > 1001000: {
>>     > +3 : "2016-10-07T19:31:42Z",
>> 
>>     > A returned cwt-voucher may look like:
>> 
>>     > {
>>     > 1001030: {
>>     > -27 : "2016-10-07T19:31:42Z",
>> 
>> It took me a moment to figure out that 1001000+3 == 1001030-27.
>> That's exactly what I would think should happen if we have SIDs
>> allocate for the underlying ietf-voucher object which we then repeat.
>> 
>> There is a concern if the gap between 1001000 and 1001030 was larger!
>> -27 is fortunately still a 1-byte CBOR integer.  Otherwise, we get
>> into
>> 2
>> byte CBOR integers and even three byte ones.  Since the delta is
>> relative to the enclosing value, not the previous value, we can't even
>> amortize the gap.
>> 
>> This is an argument to not re-using the values.
> 
> Well, that concludes the exercise for me.
> Now we can make the examples and fix the cwt-voucher SID allocation
> 
>> 
>>     > Both can be identified nicely though the presence of 1001030 or
>> 1001000
>> 
>>     > However, when using comi to return the value of for example:
>>     > ietf-voucher/created-on, or
>>     > iet-cwt-voucher/created-on
>> 
>>     > The request for both is identical:
>> 
>>     > GET //example-server.com/c/1001003
>> 
>>     > The server does not know which one to return.
>>     > Did I miss something?

v2.23.0 | Report a Bug | By Email