Re: [COSE] Digests (hashes) in COSE?

Tue, 27 Feb 2018 20:56:02 -0800 

I have used an alg id for a plain hash in a CBOR/COSE implementation.  Without 
going into details it was a special-purpose singing scheme. I ended up using an 
id in the for-private-use space. 

My use aside, it seems helpful and useful to have SHA-256, 384... and friends 
in the COSE IANA registry. 

LL

________________________________________
From: COSE <cose-boun...@ietf.org> on behalf of Jim Schaad 
<i...@augustcellars.com>
Sent: Tuesday, February 27, 2018 4:48 PM
To: 'Carsten Bormann'; cose@ietf.org
Subject: Re: [COSE] Digests (hashes) in COSE?

I need to re-publish my document with hash algorithms, however I am not sure 
what needs to be placed in this structure in some ways.

Is there something beyond

MAC = [
    Digest : bstr,
    Algorithm: alg_id
]

If you start trying to carry the content you end up with problems because it is 
just as often pointed to.  Not sure that putting the pointer in the digest 
computation would make sense as this value often chances as well.

Are you thinking of something specific that should be part of this?

I am not sure just how strong the demand is for parametrized hash algorithms 
is.  I have used a couple in my lifetime, but always as cases to see what would 
happen and have never used one in the wild.

Jim


> -----Original Message-----
> From: COSE [mailto:cose-boun...@ietf.org] On Behalf Of Carsten Bormann
> Sent: Monday, February 26, 2018 9:01 AM
> To: cose@ietf.org
> Subject: [COSE] Digests (hashes) in COSE?
>
> I think that has come up before, but today in the SUIT WG Interim we briefly
> discussed a structure where it would be useful to contain multiple unkeyed
> digests (hashes) in one signed claim (*).  In COSE, we have a registry for
> keyed MAC schemes, but not for hashes.  We also don’t have a COSE_Digest
> structure (which would be quite simple, I believe) either (**).
>
> To avoid everyone defining their own way of describing hashes, should we
> be setting this up for COSE?
> We would have to be fast to be relevant for SUIT.
>
> Grüße, Carsten
>
> (*) https://tools.ietf.org/html/draft-moran-suit-manifest-01#section-4
> (**) maybe a bit like CMS digestedData, but simpler of course
>
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

Reply via email to