Hi John:
My web browser indeed served up an older version - my apologies.
If a device has to implement signature verification logic for a
signature scheme, it is highly likely that that device also uses this
algorithm for signing (if only to amortize some of the BOM and
engineering cost). Hence, eco-system impacts should be considered, at
least in my thinking. {Where a signature scheme has known weaknesses on
the signing side, one should try and steer way from inadvertently
enticing moral hazards.}
I hope this helps, Rene
On 2021-03-11 6:06 p.m., John Mattsson wrote:
- secp256r1is supported and included in Figure 9. Fig 4? Are you maybe reading
some old version?
- C509 is CBOR encoding of X509. It follows X.509 and does should not
really go into security aspects of the algs. Also note that the
signature would be made by a CA, not an IoT device.
John
*From: *COSE <[email protected]> on behalf of Rene Struik
<[email protected]>
*Date: *Thursday, 11 March 2021 at 23:54
*To: *Ivaylo Petrov <[email protected]>, cose <[email protected]>
*Cc: *Cose Chairs Wg <[email protected]>
*Subject: *Re: [COSE] Conditional call for adoption:
draft-mattsson-cose-cbor-cert-compress
Dear colleagues:
I think considering ways to represent certificates more efficiently
may be useful, where this draft could be a possible starting point to
work from.
I have not yet read the entire draft, but am wondering about some of
the underlying philosophies, where, e.g.,
(a) in Fig. 4 (CBOR Cert Public Key Algorithms), NIST curve P-256 is
not supported, whereas curves isomorphic to Curve25519 are, which
seems to be inconsistent;
(b) in Fig. 3 (CBOR Cert Signature Algorithms), EdDSA is supported,
whereas this deterministic scheme is known to be susceptible to
single-fault attacks, which seems to be contrary to best current practice.
The above comments should not prevent using this draft as a starting
point, though.
Best regards, Rene
On 2021-03-02 4:46 p.m., Ivaylo Petrov wrote:
Dear all,
This message starts the conditional *call for adoption* of the
following draft :
* *draft-mattsson-cose-cbor-cert-compress-08*
-
https://datatracker.ietf.org/doc/html/draft-mattsson-cose-cbor-cert-compress-08
<https://datatracker.ietf.org/doc/html/draft-mattsson-cose-cbor-cert-compress-08>
In previous meetings and email discussions, we have already
discussed this draft on multiple occasions. It appears to us that
there is significant support for the adoption of this document. If
you have *read the draft*, please indicate whether you support its
adoption as a working group item or not. As it appears that there
is sufficient support for adopting it, *we are especially
interested in knowing if there are any objections.*
Please note that the adoption of this work is *dependent on
the result of the COSE WG rechartering*. If the new charter is
accepted in a form that allows this work to be taken in COSE,
the result of this adoption call will be taken into account.
We would like to remind you that adoption *does not mean they are
finished*, only that they are an *acceptable starting point*.
This call will run slightly less than two weeks, *ending on March
12*. Please try to respond before that date.
Best regards,
- Matthew and Ivaylo
COSE Working Group Chairs
_______________________________________________
COSE mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/cose
<https://www.ietf.org/mailman/listinfo/cose>
--
email:[email protected] <mailto:[email protected]> | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
--
email: [email protected] | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
