IETF Logo Mail Archive

Re: [Yot] questions concerning sid value assignments

Michel Veillette <Michel.Veillette@trilliant.com> Tue, 20 February 2018 15:47 UTC

Return-Path: <Michel.Veillette@trilliant.com>
X-Original-To: yot@ietfa.amsl.com
Delivered-To: yot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19FA2127867 for <yot@ietfa.amsl.com>; Tue, 20 Feb 2018 07:47:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=trilliant.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-9W6crgW7bz for <yot@ietfa.amsl.com>; Tue, 20 Feb 2018 07:47:42 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0138.outbound.protection.outlook.com [104.47.42.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A985812762F for <yot@ietf.org>; Tue, 20 Feb 2018 07:47:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Trilliant.onmicrosoft.com; s=selector1-Trilliant-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=xXJ195b95/xF5KuLOoa1YsOxL+lp02dyNpLsysdytVU=; b=nq39Nouu7xIA3n6nAcGyVnR0c/vn8RPYuJjgYiiqJj/g6Gfwmq0UsyTjsksFT/dzY6+AJdgM+nu7rpIoj4/8rDo3fSOPlor6+/aLVZo6n0bySJi6ap5w86bNZIIY51HuQMKYXrEMdy5Ue0aCr0E9FYf5fdr30J/VAab8Sz/5tiI=
Received: from BN6PR06MB2308.namprd06.prod.outlook.com (10.173.19.139) by BN6PR06MB2353.namprd06.prod.outlook.com (10.173.19.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.506.18; Tue, 20 Feb 2018 15:47:38 +0000
Received: from BN6PR06MB2308.namprd06.prod.outlook.com ([10.173.19.139]) by BN6PR06MB2308.namprd06.prod.outlook.com ([10.173.19.139]) with mapi id 15.20.0506.023; Tue, 20 Feb 2018 15:47:38 +0000
From: Michel Veillette <Michel.Veillette@trilliant.com>
To: "consultancy@vanderstok.org" <consultancy@vanderstok.org>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "yot@ietf.org" <yot@ietf.org>, "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, Kent Watsen <kwatsen@juniper.net>
Thread-Topic: questions concerning sid value assignments
Thread-Index: AQHTpQPfhSqbn4YZKUWz13ZUgu+sMqOji5SAgADfF2CAAL4JgIAGYJWAgACKGYCAAO+CgIAAb0sg
Date: Tue, 20 Feb 2018 15:47:38 +0000
Message-ID: <BN6PR06MB23084AE32829AFCE40B1A9359ACF0@BN6PR06MB2308.namprd06.prod.outlook.com>
References: <faa44e95aa561876f119edc7358fd118@xs4all.nl> <26096.1518551413@obiwan.sandelman.ca> <9e0d297ad888a36e16921d10873cc947@xs4all.nl> <BN6PR06MB23082D66ED7486BDA002B1DBFEF50@BN6PR06MB2308.namprd06.prod.outlook.com> <eaccba06f07bc88eac32285fb8880f06@xs4all.nl> <22cc48128046319c662c116bcc39d761@xs4all.nl> <8136.1519064595@obiwan.sandelman.ca> <541bb64fbea71cf95ab50caadcf37a60@xs4all.nl>
In-Reply-To: <541bb64fbea71cf95ab50caadcf37a60@xs4all.nl>
Accept-Language: fr-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michel.Veillette@trilliant.com;
x-originating-ip: [207.96.192.122]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR06MB2353; 7:XxDQTpsGZS2b3ph0XN8pihQOyMkP5ucUAWV9LgraVuZpM4hyeupvtBVR+iHKhhk80wOPCn37ni7zA/t/RDhh6zSB6Q9EsE7JXq+Pjbm1oiMSmibK3PF79WC5Ayen81aCRIjmIDlukbsM/La/mGuAmHKMGm3UrbzjVThbOFga7fcEXieYB1qkN4vnM3zMJe3Cq53EnrMXrofWomUYNsrp8B6fz/EkatoRbqWI8LBho+0zqGGeu8+Stoh+g/UQNxjo
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b13145f2-c62b-4559-867b-08d5787944e5
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:BN6PR06MB2353;
x-ms-traffictypediagnostic: BN6PR06MB2353:
x-microsoft-antispam-prvs: <BN6PR06MB2353A14D67E5AE649E5B64FE9ACF0@BN6PR06MB2353.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(138986009662008)(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(3231101)(944501161)(3002001)(93006095)(93001095)(6041288)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:BN6PR06MB2353; BCL:0; PCL:0; RULEID:; SRVR:BN6PR06MB2353;
x-forefront-prvs: 05891FB07F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39380400002)(376002)(366004)(39850400004)(346002)(377424004)(13464003)(199004)(189003)(6246003)(2950100002)(68736007)(106356001)(99286004)(5660300001)(2906002)(74316002)(8666007)(6436002)(33656002)(9686003)(53936002)(55016002)(54906003)(575784001)(6116002)(3846002)(4326008)(76176011)(14454004)(93886005)(105586002)(2900100001)(66066001)(81156014)(81166006)(229853002)(186003)(77096007)(3280700002)(102836004)(3660700001)(53546011)(6506007)(2501003)(26005)(7736002)(7696005)(25786009)(8936002)(86362001)(59450400001)(478600001)(110136005)(316002)(72206003)(97736004)(8676002)(305945005); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR06MB2353; H:BN6PR06MB2308.namprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: trilliant.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: gfX+wRUnkawMknf6938Wklb7lsP3SX/SswW/z+z5lMFU586piO6yAVxCkB1Gev6OABzNPOGkyOe0DKd2CaSGS1ponx5v+StZvb6JzYwBC8tEd67syBINeiNudMG4VHDG0ScTJuTQud9KBko8d6tWNSnbI/KyT1CwIzGy2APA8kg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: Trilliant.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b13145f2-c62b-4559-867b-08d5787944e5
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2018 15:47:38.4124 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4f6fbd13-0dfb-4150-85c3-d43260c04309
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2353
Archived-At: <https://mailarchive.ietf.org/arch/msg/yot/zqlbPhMa3VZXZA6_lg-W9Lv-Q5Y>
Subject: Re: [Yot] questions concerning sid value assignments
X-BeenThere: yot@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Yang of Things <yot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yot>, <mailto:yot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/yot/>
List-Post: <mailto:yot@ietf.org>
List-Help: <mailto:yot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yot>, <mailto:yot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2018 15:47:46 -0000

Hi Peter, Hi Michael

In my previous email, I forgot to highlight the errors for the cwt-voucher encoding.

When the augment is on the 'voucher-artifac' template, the 'voucher' container is not redefined, the original definition, path and SID apply.
Only the "pinned-domain-subject-public-key-info" leaf is part of the augment and get specific SID assigned to it.

The encoding should be:
{
  1001001: {                                     
    +2 : "2016-10-07T19:31:42Z",  / SID = 1001003, created-on /
    +4 : "2016-10-21T19:31:42Z",  / SID = 1001005, expires-on /
    +1 : "verified",              / SID = 1001002, assertion /
    +10 : "JADA123456789",        / SID = 1001011, serial-number /
    +5 : h'01020D0F',             / SID = 1001006, idevid-issuer /
    +8 : h'01020D0F',             / SID = 1001009, pinned-domain-cert /
    +3 : true,                    / SID = 1001004, domain-cert-revocation-checks /
    +6 : "2017-10-07T19:31:42Z",  / SID = 1001007, last-renewal-date /
    +30 : h'01020D0F'             / SID = 1001031, pinned-domain-subject-public-key-info /
  }
}

This corrected encoding probably reinforce your current conclusion (This is an argument to not re-using the values.)

Regards,
Michel

-----Original Message-----
From: peter van der Stok [mailto:stokcons@xs4all.nl] 
Sent: Tuesday, February 20, 2018 3:40 AM
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: consultancy@vanderstok.org; yot@ietf.org; Michel Veillette <Michel.Veillette@trilliant.com>; Panos Kampanakis (pkampana) <pkampana@cisco.com>; Kent Watsen <kwatsen@juniper.net>
Subject: Re: questions concerning sid value assignments


Michael Richardson schreef op 2018-02-19 19:23:
> peter van der Stok <stokcons@xs4all.nl> wrote:
>     > I created an example for myself by heart. Can you see if my 
> memory is still
>     > correct?
> 
>     > I assume a server with one voucher module and one cwt-voucher 
> module;
>     > The augment with grouping is used for SID allocation.
>     > The diagnostic notation is used for CBOR.
> 
> Cool...
> 
>     > {
>     > 1001000: {
>     > +3 : "2016-10-07T19:31:42Z",
> 
>     > A returned cwt-voucher may look like:
> 
>     > {
>     > 1001030: {
>     > -27 : "2016-10-07T19:31:42Z",
> 
> It took me a moment to figure out that 1001000+3 == 1001030-27.
> That's exactly what I would think should happen if we have SIDs 
> allocate for the underlying ietf-voucher object which we then repeat.
> 
> There is a concern if the gap between 1001000 and 1001030 was larger!
> -27 is fortunately still a 1-byte CBOR integer.  Otherwise, we get 
> into
> 2
> byte CBOR integers and even three byte ones.  Since the delta is 
> relative to the enclosing value, not the previous value, we can't even 
> amortize the gap.
> 
> This is an argument to not re-using the values.

Well, that concludes the exercise for me.
Now we can make the examples and fix the cwt-voucher SID allocation

> 
>     > Both can be identified nicely though the presence of 1001030 or
> 1001000
> 
>     > However, when using comi to return the value of for example:
>     > ietf-voucher/created-on, or
>     > iet-cwt-voucher/created-on
> 
>     > The request for both is identical:
> 
>     > GET //example-server.com/c/1001003
> 
>     > The server does not know which one to return.
>     > Did I miss something?

v2.23.0 | Report a Bug | By Email