I think it may actually be helpful to give examples of thumbprints where the order in the example will be changed by the canonical encoding.
For example, when implementing this, I purposefully constructed COSE Keys in an order that would be changed by the canonization process, https://github.com/transmute-industries/cose/blob/main/test/keys/cose-key.generate.test.ts#L52

... including extraneous fields that will be omitted, is probably also a good idea... https://github.com/transmute-industries/cose/blob/main/src/key/thumbprint.ts#L10

Bugged implementations of the draft will fail for these examples, which is good, and it will force them to correct the ordering / required fields.

However, if we really wish to provide full examples, here is some complete diagnostic:

A private key (with non canonical order)

~~~~ cbor-diag
{
  1: 2,
  -4: h'65A298251942FFCC9D20856A12B416F7365A079307C486A5410A9CA932CEE3CD',
  3: -7,
  -1: 1,
  -2: h'0AFA25C74FEF267920BB635D518ED92CB23C35BC0CF80528DD120CFA47329BF8',
  2: h'17C4C2359EE52C9817DC12B5A41BEDBA49538C8E13DA456FC241E1DA0FFCD620',
  -3: h'5DAF04447CFC22FFC51361B92B91AED3E1274A41B5E44F1564BA6450D29A2CB8',
}
~~~~

The public key in canonical order

~~~~ cbor-diag
{
  1: 2,
  -1: 1,
  -2: h'0AFA25C74FEF267920BB635D518ED92CB23C35BC0CF80528DD120CFA47329BF8',
  -3: h'5DAF04447CFC22FFC51361B92B91AED3E1274A41B5E44F1564BA6450D29A2CB8',
}
~~~~

The thumbprint for the public key:

~~~~ cbor-diag
h'17C4C2359EE52C9817DC12B5A41BEDBA49538C8E13DA456FC241E1DA0FFCD620'
~~~~

^ these should be independently confirmed before being included in the draft.

OS

On Mon, Oct 23, 2023 at 2:05 AM Hannes Tschofenig <[email protected]> wrote:

> Thanks for the timely review, Mike.
>
> I agree with all your comments and will incorporate them into the draft
> for submission today.
>
> Ciao
> Hannes
>
> On 23.10.2023 at 05:21, Michael Jones wrote:
>
> There is one substantive issue identified below to address in the draft.
> The rest are editorial.
>
> Section 1 (Introduction): Change “the registry created by [RFC8747
> <https://www.ietf.org/archive/id/draft-ietf-cose-key-thumbprint-03.html#RFC8747>]”
> to “the IANA "CWT Confirmation Methods" registry created by [RFC8747
> <https://www.ietf.org/archive/id/draft-ietf-cose-key-thumbprint-03.html#RFC8747>]”.
>
> Section 6 (Example): In the text below, the two clauses both say that
> values are correctly ordered, but the orders are different! Please correct
> this to use the same correct order in both.
>
> The required order based on Section 4.2.1 of [RFC8949
> <https://www.ietf.org/archive/id/draft-ietf-cose-key-thumbprint-03.html#RFC8949>]
> is:
>
> · "y" (label: -3, data type: bstr)
> · "x" (label: -2, data type: bstr)
> · "crv" (label: -1, data type: int)
> · "kty" (label: 1, data type: int)
>
> The resulting COSE Key structure, in CBOR diagnostic format with
> line-breaks added for better readability, with the minimum parameters in
> the correct order are.
>
> {
>   1:2,
>   -1:1,
>   -2:h'65eda5a12577c2bae829437fe338701a
>        10aaa375e1bb5b5de108de439c08551d',
>   -3:h'1e52ed75701163f7f9e40ddf9f341b3d
>        c9ba860af7e0ca7ca7e9eecd0084d19c'
> }
>
> Section 8 (IANA Considerations): Add “IANA” before “"CWT Confirmation
> Methods" registry”.
>
> Section 9 (Acknowledgements): Please change “Mike Jones” to “Michael B.
> Jones”. (I use that professionally because there are a whole lot of Mike
> Joneses out there!)
>
> Thanks for writing this specification.
>
> -- Mike
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries <https://transmute.industries>
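The computation this thread discusses, as an added example that is not part of the original messages or of the transmute-industries/cose code: it drops the extraneous members, sorts the remaining map keys bytewise by their encoded form (RFC 8949 Section 4.2.1), and hashes the result. Assumptions: SHA-256 as the hash, the EC2 required member set taken from the public key shown above, hypothetical function names, and an encoder limited to the integers and byte strings this key needs.

```python
import hashlib

# Key from the message above, deliberately out of canonical order and carrying
# extra members (kid, alg, private scalar d) that the thumbprint must not cover.
PRIVATE_KEY = {
    1: 2,
    -4: bytes.fromhex("65A298251942FFCC9D20856A12B416F7365A079307C486A5410A9CA932CEE3CD"),
    3: -7,
    -1: 1,
    -2: bytes.fromhex("0AFA25C74FEF267920BB635D518ED92CB23C35BC0CF80528DD120CFA47329BF8"),
    2: bytes.fromhex("17C4C2359EE52C9817DC12B5A41BEDBA49538C8E13DA456FC241E1DA0FFCD620"),
    -3: bytes.fromhex("5DAF04447CFC22FFC51361B92B91AED3E1274A41B5E44F1564BA6450D29A2CB8"),
}
# Assumption: required members for kty=2 (EC2) are kty, crv, x, y.
REQUIRED_EC2 = (1, -1, -2, -3)

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus the shortest-form argument."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("integer too large for CBOR")

def _item(v) -> bytes:
    """Encode an int (major type 0 or 1) or a byte string (major type 2)."""
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    raise TypeError(f"unsupported type {type(v).__name__}")

def thumbprint_input(key: dict) -> bytes:
    """Deterministic CBOR map holding only the required members."""
    if key.get(1) != 2:
        raise ValueError("only EC2 keys are handled in this example")
    pairs = [(_item(k), _item(key[k])) for k in REQUIRED_EC2]  # KeyError if one is missing
    pairs.sort(key=lambda p: p[0])  # bytewise order of the encoded keys: 01, 20, 21, 22
    return _head(5, len(pairs)) + b"".join(k + v for k, v in pairs)

def thumbprint(key: dict) -> bytes:
    """SHA-256 (assumed hash) over the deterministic encoding."""
    return hashlib.sha256(thumbprint_input(key)).digest()
```

Comparing `thumbprint(PRIVATE_KEY).hex()` with the thumbprint posted above is the independent confirmation the message asks for.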
