> We believe the draft is ready for WGLC

Agree.

Orie and I continued the conversation regarding detached payloads on the transparency dev slack. It was confirmed that detaching the payloads for consistency proofs for CT style merkle trees is both possible and can add safety for the verification of the signature over the proof. However, it can't be specified that way in COSE Receipts and still be compatible with RFC 9162 and RFC 6962.

Transparency dev have added a method to their merkle api so that implementers can choose this method if they wish:

https://github.com/transparency-dev/merkle/pull/140/files

For the mmr based VDS we use we do something similar. The python reference implementation of our consistency proof verification is here:

https://github.com/robinbryce/merkle-mountain-range-proofs/blob/main/algorithms.py#L157

The go lang variant where we chose to align with the attached roots of COSE-Receipts is here:

https://github.com/datatrails/go-datatrails-merklelog/blob/2fca32c8b35c051359c5daa2af4d0fbf0fd281e6/mmr/verifyconsistency.go#L40

FAOD: The point here is just that multiple VDS's can plausibly choose to *detach* the payload for consistency proofs in order to add a bit of safety to the verification process by requiring that the root material is first re-constructed from the proofs. And as the draft stands, different VDS specs can choose to do this.

Cheers,

Robin

On Tue, 17 Sept 2024 at 18:05, Orie Steele <[email protected]> wrote:

> Hi,
>
> Authors have closed the last remaining issue, other than the request for
> early allocation of code points.
>
> The last remaining issue was:
>
> https://github.com/cose-wg/draft-ietf-cose-merkle-tree-proofs/issues/30
>
> There was discussion about whether to try to create a symmetry between
> inclusion and consistency receipts for RFC 9162.
>
> After consulting with implementations, and reviewing the relevant RFCs:
>
> - https://datatracker.ietf.org/doc/html/rfc9162#section-2.1.4.2
> - https://github.com/transparency-dev/merkle/blob/main/proof/verify.go#L57
> - https://github.com/transparency-dev/merkle/blob/main/proof/verify.go#L78
>
> We've opted to not change (or align these):
>
> - https://datatracker.ietf.org/doc/html/draft-ietf-cose-merkle-tree-proofs-05#section-5.3.1-8
> - https://datatracker.ietf.org/doc/html/draft-ietf-cose-merkle-tree-proofs-05#section-5.2.1-7
>
> The reason being that implementations of CT and KT are likely based on the
> RFCs, and take as input:
>
> treeHead1, treeSize1, treeHead2, treeSize2, intermediateNodes
>
> It would require changes to the code to support verifying a detached payload
> consistency proof receipt... and these changes would need to be made, while
> breaking compatibility with RFC 9162 and RFC 6962.
>
> We do not believe that would lead to more interoperable implementations of
> COSE Receipts with the associated binary merkle tree as the verifiable data
> structure, and have closed the associated issue, after much discussion.
>
> We believe the draft is ready for WGLC.
>
> Regards,
>
> OS (on behalf of draft-ietf-cose-merkle-tree-proofs authors / contributors)
>
> _______________________________________________
> COSE mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
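
The two verification styles discussed in this thread, as an added example that is not taken from the thread or from any of the linked repositories: RFC 9162 consistency verification in which `root_from_consistency_proof` rebuilds the new root from the old root and the path (detached style), and `verify_attached` compares that result with a supplied root (the RFC-style inputs). All function names are hypothetical, and SHA-256 with RFC 9162's 0x00/0x01 hash prefixes is assumed.

```python
import hashlib

def H(*parts):  # SHA-256 over the concatenated parts
    return hashlib.sha256(b"".join(parts)).digest()

def split(n):  # largest power of two strictly less than n
    return 1 << ((n - 1).bit_length() - 1)

def mth(leaves):  # RFC 9162 Merkle Tree Hash: 0x00 prefixes leaves, 0x01 interior nodes
    if len(leaves) == 1:
        return H(b"\x00", leaves[0])
    k = split(len(leaves))
    return H(b"\x01", mth(leaves[:k]), mth(leaves[k:]))

def consistency_proof(m, leaves, b=True):  # prover side (RFC 9162 SUBPROOF)
    n = len(leaves)
    if m == n:
        return [] if b else [mth(leaves)]
    k = split(n)
    if m <= k:
        return consistency_proof(m, leaves[:k], b) + [mth(leaves[k:])]
    return consistency_proof(m - k, leaves[k:], False) + [mth(leaves[:k])]

def root_from_consistency_proof(size1, size2, root1, path):
    # Detached style: rebuild the new root from root1 and the path, or raise.
    if not 0 < size1 < size2 or not path:
        raise ValueError("bad sizes or empty proof")
    if size1 & (size1 - 1) == 0:  # size1 is a power of two: root1 starts the path
        path = [root1] + list(path)
    fn, sn = size1 - 1, size2 - 1
    while fn & 1:
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            raise ValueError("proof longer than the tree allows")
        if fn & 1 or fn == sn:
            fr, sr = H(b"\x01", c, fr), H(b"\x01", c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            sr = H(b"\x01", sr, c)
        fn, sn = fn >> 1, sn >> 1
    if sn != 0 or fr != root1:
        raise ValueError("path does not reproduce root1")
    return sr  # the value a detached-payload signature check would be run over

def verify_attached(size1, size2, root1, root2, path):  # attached style (RFC inputs)
    return root_from_consistency_proof(size1, size2, root1, path) == root2
```

With the detached style a tampered path either raises or yields a different root, so a signature check over the rebuilt root fails without the verifier ever trusting a root supplied alongside the proof.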
