On Wed, Oct 05, 2022 at 02:21:37PM +0000, Maik Riechert wrote: > Let me address your points in a question/answer style (hopefully > covering your points well enough). > > Q: Is this all application-specific? > In the current spec > (https://www.ietf.org/archive/id/draft-birkholz-scitt-receipts-01.html) > we tried to have a minimal generic top-level structure (3.) and then > depending on the "tree algorithm" an inner application-specific / > tree-specific structure, currently with a single one defined to > support CCF-compatible implementations. > > Q: Is a COSE algorithm always a cryptographic primitive? > Likely. I'm assuming this is where some of the pushback comes from, > as we would regard SCITT-CCF-ES256 as a cryptographic primitive in > that sense, even though it is not.
Well, if the intention is to map CCF into signature algorithm, a lot of pushback is coming from excess complexity making it application- specific. Specifically, the leaf stuff and node_certificate stuff in the signature. All the leaf stuff should be moved to signature protected headers and the node certificate should be moved to signature headers. Furthermore, node certificate should be simplified to COSE_Key in COSE_Sign1 instead of X.509, perhaps with some additional headers if needed. Then the signature encoding should be simplfied to dedicated binary encoding. E.g.: - 0 or more of: 01/02 <hash> - 00 to signal inclusion proof ends. - 64-bit leaf count. - root signature. And what the signature algorithm verification would do: - Hash the message with context A. - While reading 01/02, hash last hash and hash from signature inorder/reversed with context B. - Read the 00 and leaf count, and hash leaf count and last hash with context C. - Verify that root signature is valid signature for the last hash using the given key. Apart from leaf count (which is there to support consistency proofs), this is pretty much standard batch signature. And while leaf count is unnecressary for pure batch signatures, it is very cheap. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
