On 2023-06-17 8:44, Ilari Liusvaara wrote:
> On Mon, Jun 12, 2023 at 06:59:55PM +0000, Sipos, Brian J. wrote:
>> All,
>>
>> The DTN WG was in need of a security mechanism to allow using asymmetric key
>> algorithms within Bundle Protocol [2] and BPSec [3], and has proposed using
>> COSE messages for this purpose [1]. It's a helpful side effect that COSE
>> provides a path to future algorithms, but for now we are focused on
>> interoperation within preexisting PKI environments. The reason I'm writing
>> is to get some feedback from the COSE WG about the profile of COSE that is
>> proposed in Section 3 [1] and the way in which the "additional headers" are
>> used and AAD is constructed in Section 2.
>
> What does "deterministically encoded form of a CBOR sequence" mean? A
> sequence where each element is using Core Deterministic Encoding from
> RFC8949?

Right. This enables you to create CBOR application data holding an enveloped 
signature element rather than COSE/JOSE signature objects with embedded 
application data.  Headers remain in clear as well.
Example: https://github.com/cyberphone/D-CBOR#example
Try it online: https://test.webpki.org/csf-lab/home

Anders


> Nitpick: The layer numbering in COSE starts from zero, not one.
>
> Otherwise looks pretty sensible from COSE PoV.
>
> And I get the feeling that section 3.2 could be written in a lot cleaner
> way.
>
> And hopefully spec defining use of HPKE in COSE will be out soon...
>
>> [1] https://www.ietf.org/archive/id/draft-ietf-dtn-bpsec-cose-01.html
>
> -Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
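
The reading discussed in the thread (a CBOR sequence whose elements each use RFC 8949 Core Deterministic Encoding), sketched as an added example that is not code from this thread or from the draft. It covers only integers, byte and text strings, arrays, maps and simple values; the function names and sample values are constructed for illustration.

```python
import struct

def _head(major: int, n: int) -> bytes:
    """Initial byte plus the shortest possible argument (RFC 8949, 4.2.1)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                           (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | ai]) + struct.pack(fmt, n)
    raise ValueError("integer out of range for a CBOR head")

def encode(item) -> bytes:
    """Encode one data item deterministically (subset of types)."""
    if isinstance(item, bool) or item is None:
        return {False: b"\xf4", True: b"\xf5", None: b"\xf6"}[item]
    if isinstance(item, int):
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, bytes):
        return _head(2, len(item)) + item
    if isinstance(item, str):
        raw = item.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(item, (list, tuple)):
        return _head(4, len(item)) + b"".join(encode(x) for x in item)
    if isinstance(item, dict):
        # Definite length only; keys ordered bytewise by their encoded form,
        # so insertion order in the source object never reaches the wire.
        pairs = sorted((encode(k), encode(v)) for k, v in item.items())
        return _head(5, len(item)) + b"".join(k + v for k, v in pairs)
    raise TypeError(f"unsupported type: {type(item).__name__}")

def encode_sequence(items) -> bytes:
    """A CBOR sequence (RFC 8742) is the concatenation of its encoded items."""
    return b"".join(encode(x) for x in items)

# Constructed sample: one logical sequence, built with two different key orders.
SEQ_A = [1, b"\x01\x02", {"b": 1, "a": 2}]
SEQ_B = [1, b"\x01\x02", {"a": 2, "b": 1}]

if __name__ == "__main__":
    print(encode_sequence(SEQ_A).hex())
    print(encode_sequence(SEQ_A) == encode_sequence(SEQ_B))
```

Because both sides derive identical bytes from the same logical values, a signer and a verifier can each rebuild this input independently instead of carrying it in the message.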
