On Sun, Jun 19, 2022 at 12:46:28PM -0700, Laurence Lundblade wrote:
> To get more sharp on what an addition to standard COSE would look like:
>
> A new signature type, COSE_SignIndirect is defined. It looks the same as
> COSE_Sign. A new CBOR tag is created for it and all.
>
> COSE_SignIndirect = [
>     Headers,
>     payload : bstr / nil,
>     signatures : [+ COSE_Signature]
> ]

If it is the same as COSE_Sign, is it needed as separate type? And I do
not think new tag gives reliable separation.

> Hash_Structure is defined:
>
> Hash_Structure = [
>     context: "Hash",
>     body_protected : empty_or_serialized_map,
>     external_aad : bstr,
>     payload : bstr
> ]
>
> SigIndirect_structure is defined as an alternative to Sig_structure.
> They are different enough that I don’t think it is worth tweaking
> Sig_structure.
>
> Sig_structure = [
>     context : "SignatureIndirect",
>     sign_protected : empty_or_serialized_map,
>     body_hash: bstr
> ]

Oh yeah, the signature structure needs a lot of tweaking, and a new one
is cleanest. And a new context too.

> When signing:
> - Select the hash function you are going to use and put its ID in a
>   body protected header (hash function is always required, so no
>   need to mark critical)

Yeah, maybe the critical is not needed due to hashing altering the
signature context (JOSE does not have a context to alter), which
guarantees a failure if indirect signature gets misinterpreted as
direct.

> - Create any other body protected headers of interest, perhaps a
>   salt (mark them critical if they are)

Regarding salt, the receiver just has to ignore it. But yes, there
might be other critical headers.

> - Create the Hash_Structure (use deterministic encoding)
> - Run Hash_Structure through the selected hash function
> - For each signature
>   - Select the signing algorithm and put it in a signer protected
>     header
>   - Create any other signer protected headers of interest
>   - Create the SigIndirect_structure (use deterministic encoding)
>   - Sign it using the selected signing algorithm
>
> This seems the cleanest and most in line with the rest of COSE. It
> allows for all the protected and unprotected headers one could want.
> It allows for AAD and/or payload.
>
> Does this seem right for a standard proposal?

Yes, this seems to be in the right direction.

-Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
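
The signing steps proposed in the quoted message, up to the bytes that would be handed to the signing algorithm, as an added example that is not part of the original e-mail or of any COSE specification. The header label `HASH_ALG_LABEL` is a hypothetical private-use value (the thread assigns none), the function names are invented here, and `direct_tbs` builds the RFC 9052 `Sig_structure` over the same inputs to show that the two contexts never yield the same to-be-signed bytes.

```python
import hashlib

HASH_ALG_LABEL = -65537   # hypothetical private-use label for the hash function ID
SHA256, ES256 = -16, -7   # COSE algorithm IDs for SHA-256 and ES256

def head(major, n):
    """CBOR initial byte(s) with the shortest-form argument (deterministic encoding)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def enc(v):
    """Minimal deterministic CBOR encoder: int, bytes, str, list, int-keyed dict."""
    if isinstance(v, int):
        return head(0, v) if v >= 0 else head(1, -1 - v)
    if isinstance(v, bytes):
        return head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return head(3, len(b)) + b
    if isinstance(v, list):
        return head(4, len(v)) + b"".join(enc(x) for x in v)
    if isinstance(v, dict):
        # Deterministic map order: bytewise sort on the encoded keys
        items = sorted((enc(k), enc(x)) for k, x in v.items())
        return head(5, len(items)) + b"".join(k + x for k, x in items)
    raise TypeError(type(v))

def protected(m):
    """empty_or_serialized_map: zero-length bstr content when the map is empty."""
    return enc(m) if m else b""

def indirect_tbs(payload, external_aad=b""):
    """Hash_Structure -> SHA-256 -> SigIndirect_structure, as proposed in the thread."""
    body_prot = protected({HASH_ALG_LABEL: SHA256})
    sign_prot = protected({1: ES256})            # header label 1 = alg
    hash_structure = enc(["Hash", body_prot, external_aad, payload])
    body_hash = hashlib.sha256(hash_structure).digest()
    return enc(["SignatureIndirect", sign_prot, body_hash])

def direct_tbs(payload, external_aad=b""):
    """Sig_structure of plain COSE_Sign (RFC 9052) over the same inputs."""
    body_prot = protected({HASH_ALG_LABEL: SHA256})
    sign_prot = protected({1: ES256})
    return enc(["Signature", body_prot, sign_prot, external_aad, payload])
```

The to-be-signed bytes of the indirect form stay the same length whatever the payload size, because only `body_hash` enters the structure that is signed.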
