On 2022-04-24, at 10:50, Maik Riechert <[email protected]> wrote: > > Hi Carsten, > > OK, that seems to work, but it somehow feels wrong since then you couple > multiple layers together during decoding. What's the disadvantage of always > making it an array? Is this about the one extra byte in the case of a single > countersignature?
Hi Maik, This structure was introduced in early 2016 in https://datatracker.ietf.org/doc/html/draft-ietf-cose-msg-10, specifically in PR #140 https://github.com/cose-wg/cose-spec/pull/140/files I cannot find a lot of discussion on the mailing list for this particular change; but at the same time there was some discussion about shaving off single bytes for certain use cases where it mattered. So, yes, the disadvantage of always using [+ COSE_signature] is that one gets to spend one more byte. Here is a message I sent privately in a discussion on https://datatracker.ietf.org/doc/draft-ietf-cose-countersign/ on 2022-02-07: >> I just sent a couple of comments on the intro of >> draft-ietf-cose-countersign-05.txt; I don’t know if you saw them. >> >> These were editorial, but I have one technical bellyache: >> >> Why are we using >> >> ? TBD10 => COSE_Countersignature / [+COSE_Countersignature] >> >> A COSE_Countersignature is a COSE_Signature which is an array of three >> elements, so this looks similar to an an array of three countersignatures >> until you dig deeper. Everywhere else in COSE we simply go for the [+ …] >> and have no apparent ambiguity. >> >> (There is no actual ambiguity, as a COSE_Countersignature is an array of >> three elements, only the third one of which takes the form of an array >> itself. But requiring this level of sleuthing makes me a bit uncomfortable.) Maybe I should have sent this to the list. If more people than the two of us share that bellyache, maybe we can still change it for countersignature V2. Grüße, Carsten > > -----Original Message----- > From: Carsten Bormann <[email protected]> > Sent: 22 April 2022 18:19 > To: Maik Riechert <[email protected]> > Cc: [email protected] > Subject: [EXTERNAL] Re: [COSE] Countersignature header: distinguishing > COSE_Signature from [+COSE_Signature] > > [You don't often get email from [email protected]. Learn why this is important at > https://aka.ms/LearnAboutSenderIdentification.] > > Hi Maik, > > On 2022-04-21, at 14:50, Maik Riechert > <[email protected]> wrote: >> >> [COSE_Signature] / [+ COSE_Signature] >> > > ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature > > actually (no array for a single signature). > > This can be disambiguated because the three-element array that a > COSE_Signature is, is never structured such that it can be misunderstood as > an array of COSE_Signatures. In CDDL (following some indirections): > > COSE_Signature = [ > protected : bstr .cbor header_map / bstr .size 0 > unprotected : header_map > signature : bstr > ] > > So the contents of the array starts with a byte string, then a map follows, > and it finally is a byte string. > > Maybe not the finest day of optimizing one's CBOR, but not hard to implement > either: The value for key 7 always is an array. If the first element of > that is a byte string, process (and validate) the array as a single > signature. If the first element is another array, process (and validate) the > outer array as an array of signatures. > > Grüße, Carsten > _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
