All, The DTN WG was in need of a security mechanism to allow using asymmetric key algorithms within Bundle Protocol [2] and BPSec [3], and has proposed using COSE messages for this purpose [1]. It's a helpful side effect that COSE provides a path to future algorithms, but for now we are focused on interoperation within preexisting PKI environments. The reason I'm writing is to get some feedback from the COSE WG about the profile of COSE that is proposed in Section 3 [1] and the way in which the "additional headers" are used and AAD is constructed in Section 2.
For some brief background: a bundle is conceptually similar to an email message (it has a source, destination, and payload, and takes a not-predetermined path over possibly multiple transports to the destination) and the contents of a bundle, blocks, are similar to parts of a multipart/mixed content type [4] but with explicit, unique, and stable block numbering. Security operations are scoped to blocks so allow for some complex behaviors, especially as a bundle may traverse a path with differing security environments (e.g. logical trunks or tunnels). Thanks for having a look, Brian S. [1] https://www.ietf.org/archive/id/draft-ietf-dtn-bpsec-cose-01.html [2] https://www.rfc-editor.org/rfc/rfc9171.html [3] https://www.rfc-editor.org/rfc/rfc9172.html [4] https://www.rfc-editor.org/rfc/rfc2046.html
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
