From nobody Fri Apr 7 01:34:10 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D425F129646 for ; Fri, 7 Apr 2017 01:34:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qwXV7CxMAfxT for ; Fri, 7 Apr 2017 01:34:06 -0700 (PDT) Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68882128CD5 for ; Fri, 7 Apr 2017 01:34:06 -0700 (PDT) Received: by mail-qk0-x22a.google.com with SMTP id f133so40028120qke.2 for ; Fri, 07 Apr 2017 01:34:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=rt0OznU+VEoi+q5tx7l5quRbiA9fsTNT1ImlZ1yJJOY=; b=XkH1v8ywt+M+6ZSa+oXB07TJsBdWbn2Db7JGA86UJ1+qlGUMrlF6phvAcBQxFJSpAA qEiUs0z9QGaG2qew+9lKjJZNCDpLPwCGwZVJpCrUR4+hVFjDxwJgElbgyMXaH9PfeDhL S/g+9SahJQiKvWH0wJ5iImFUV2++Z0RXFEm4Zu8F+JTEetub+dlNR4BHanK42GgC3lQB 7xfqIOFm2xJnSwYyeloWSP1q06Ibg8qoU9TgZqLitQnlqdvxTOQm1OswRef0sjKZarKv X3ytVBWox7UaTplvfW0hBD6oMGQr1rrtg91eOFFaxp9iziwaEc0DYXkjlFjcL53nIsQu 9Yew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=rt0OznU+VEoi+q5tx7l5quRbiA9fsTNT1ImlZ1yJJOY=; b=LNt33pQRX0FARnS8ZOBaMkWt6sRxEx59RCWi6CRMD+nM11VIGk0zI3/06iya425Q9k dzXoqD8V35NfdFsxzdYsABGHbp+KvC3qTsu+058uW2kM9y+J7Nwhj2lHtxcym99UEKkz ZdRgU/rvxOToFlxQ1DexB+fWLJZpvTzA/VzeuEqXD6bO62C324wwU1jVZqNcx9fBOrkV LmcINHLMVkXgMeCd1xmud36RFqPPbPbr1FOCP/HF8RRr1OGLTO5nqRACOqENtCm4K+yM jot02Xk7dy0LYYChrDjO7lWcJElq7TE6DDkfP0JnEh3JIVJtUS89rD3tL1Xz0RaWbzRS Lz6w== X-Gm-Message-State: AFeK/H11v5v2QEOloeU1izw1LtntzD2ixTSgeShXg7J0SyEYBZAUF8hz7bcRfbYI2G4eN55ssS2LBfRfGl1BaQ== X-Received: by 10.55.182.193 with SMTP id g184mr22962895qkf.20.1491554045531; Fri, 07 Apr 2017 01:34:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.36.21 with HTTP; Fri, 7 Apr 2017 01:33:45 -0700 (PDT) In-Reply-To: <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> References: <08eb01d103c8$3deade00$b9c09a00$@augustcellars.com> <561A2C9B.5060104@tzi.org> <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> From: Renzo Navas Date: Fri, 7 Apr 2017 10:33:45 +0200 Message-ID: To: cose Cc: Carsten Bormann , Jim Schaad Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [COSE] Assigning CBOR tags to key structures X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2017 08:34:09 -0000 Hi all! Sorry to revive this 1 and half year old topic. In the end we finally have no CBOR Tag for COSE_Key and COSE_KeySet, I could not find at IANA (nor on the cose rev 24 document) :( Was it discarded at the end, why? or there is a chance to still get the tag at IANA? Regards ! Renzo ------------ PS: some more details of why this can be useful follow: More details on the Use Case: transporting a symmetric key with COSE_Key , it has to be protected, so wrapped on an Encrypt0 message (Tag 16); Would be nice have a tag to identify that the payload is a Cose_key object; it is true at the moment I can design the app to always expect a keyobjet as the payload of an encrypt0 ... ; but I'm cutting flexibility, or we can design a custom cbor structure, but we are loosing on interoperability. I have a coap server, with limited ram, and I have actually size only for for two coap resources, so I can see I will have to overload some functionality of this resource, particularly this is a sort of "/authz-info" ace resource, that I will use to do authenticated key establishment (oauth pop token provisioning), and other stuff, so probably quite overloaded. On Sun, Oct 11, 2015 at 8:22 PM, Jim Schaad wrote: > As a general rule, this makes sense to me. > > Jim > > >> -----Original Message----- >> From: Carsten Bormann [mailto:cabo@tzi.org] >> Sent: Sunday, October 11, 2015 2:32 AM >> To: Jim Schaad >> Cc: cose@ietf.org >> Subject: Re: [COSE] Assigning CBOR tags to key structures >> >> I'd propose this rule: >> If there is a media type, there should be a CBOR tag for those environme= nts that >> don't benefit from media types. >> (And generally vice versa, unless we are using CBOR tags in other than t= op-level >> positions.) >> >> Gr=C3=BC=C3=9Fe, Carsten >> >> >> Jim Schaad wrote: >> > I am currently working on the IANA text for doing assignment of CBOR >> > tags in COSE. >> > >> > There is a possibility to request tags for the KEY and KEY_SET maps in >> > the document. At the present time I have not done this. Can anybody >> > see a reason for asking for tags on these two elements other than >> completeness? >> > I.e. does anybody have a place where it would make sense to use the >> > pre-defined tags rather than knowing either a key or key set is in >> > this location (it is possible to distinguish between the two items >> > based on the an array vs map tag.) >> > >> > >> > Jim >> > >> > >> > _______________________________________________ >> > COSE mailing list >> > COSE@ietf.org >> > https://www.ietf.org/mailman/listinfo/cose >> > > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose From nobody Fri Apr 7 09:05:12 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73B8C129400 for ; Fri, 7 Apr 2017 09:05:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUNK_TQVZj6P for ; Fri, 7 Apr 2017 09:05:08 -0700 (PDT) Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B177127863 for ; Fri, 7 Apr 2017 09:05:08 -0700 (PDT) Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Language: en-us DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1491581092; h=from:subject:to:date:message-id; bh=NPR4M6PO5TIrjDCP8kl/AjpDmLEjesb8PltMeoDYYfg=; b=JeZmzvX8i71thHFhha6yefB3ZiwyjZBkTf6jmzdxVbVMVeQO6r9q5HHKZZ5yyaS7PccRAUA4fhE h8vTw0kWTaBeWHoOp9JA/fR4tH5leNbi09tH931tBz4gXeCnhdTyWqc3+qrMZZLYFwUC7xc57TEjq WBR91dmWALN5L4Bv0T2vvcMSyJxzcHbhNlfoB9zpNBdHK/JaY673LtFKhi+rEVfLWPsKz9LR3c2p+ EQbrVTtHAgVVkvVch+M0ChMXGhCDFMX4fSQBzpXNKRKr3Sta6KA7G3EODZiwDok4syrgcSSQLBMAH BT5oK76wRN5D0PU3a6yHqOSp2JAC66rNTIrA== Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 7 Apr 2017 09:04:51 -0700 Received: from hebrews (192.168.0.98) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 7 Apr 2017 09:04:49 -0700 From: Jim Schaad To: 'Renzo Navas' , 'cose' CC: 'Carsten Bormann' References: <08eb01d103c8$3deade00$b9c09a00$@augustcellars.com> <561A2C9B.5060104@tzi.org> <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> In-Reply-To: Date: Fri, 7 Apr 2017 09:04:47 -0700 Message-ID: <028601d2afb8$afa316f0$0ee944d0$@augustcellars.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGex/CO2QN+9BtqSk7SR9o8Xg6cPgIFoq+pArZgrAsCiFAtDqHnogQw X-Originating-IP: [192.168.0.98] Archived-At: Subject: Re: [COSE] Assigning CBOR tags to key structures X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2017 16:05:11 -0000 There is a content type that was defined. This can be used for the same = purpose by including a content type in the protected properties. This = allows for identification of the content before doing the decryption. jim > -----Original Message----- > From: Renzo Navas [mailto:renzoefra@gmail.com] > Sent: Friday, April 7, 2017 1:34 AM > To: cose > Cc: Carsten Bormann ; Jim Schaad = > Subject: Re: [COSE] Assigning CBOR tags to key structures >=20 > Hi all! > Sorry to revive this 1 and half year old topic. >=20 > In the end we finally have no CBOR Tag for COSE_Key and COSE_KeySet, I > could not find at IANA (nor on the cose rev 24 document) :( Was it = discarded > at the end, why? or there is a chance to still get the tag at IANA? >=20 > Regards ! >=20 > Renzo >=20 >=20 > ------------ >=20 > PS: some more details of why this can be useful follow: >=20 > More details on the Use Case: transporting a symmetric key with = COSE_Key , it > has to be protected, so wrapped on an Encrypt0 message (Tag 16); Would = be > nice have a tag to identify that the payload is a Cose_key object; it = is true at > the moment I can design the app to always expect a keyobjet as the = payload of > an encrypt0 ... ; but I'm cutting flexibility, or we can design a = custom cbor > structure, but we are loosing on interoperability. > I have a coap server, with limited ram, and I have actually size only = for for two > coap resources, so I can see I will have to overload some = functionality of this > resource, particularly this is a sort of "/authz-info" ace resource, = that I will use > to do authenticated key establishment (oauth pop token provisioning), = and > other stuff, so probably quite overloaded. >=20 >=20 >=20 >=20 > On Sun, Oct 11, 2015 at 8:22 PM, Jim Schaad > wrote: > > As a general rule, this makes sense to me. > > > > Jim > > > > > >> -----Original Message----- > >> From: Carsten Bormann [mailto:cabo@tzi.org] > >> Sent: Sunday, October 11, 2015 2:32 AM > >> To: Jim Schaad > >> Cc: cose@ietf.org > >> Subject: Re: [COSE] Assigning CBOR tags to key structures > >> > >> I'd propose this rule: > >> If there is a media type, there should be a CBOR tag for those > >> environments that don't benefit from media types. > >> (And generally vice versa, unless we are using CBOR tags in other > >> than top-level > >> positions.) > >> > >> Gr=C3=BC=C3=9Fe, Carsten > >> > >> > >> Jim Schaad wrote: > >> > I am currently working on the IANA text for doing assignment of > >> > CBOR tags in COSE. > >> > > >> > There is a possibility to request tags for the KEY and KEY_SET = maps > >> > in the document. At the present time I have not done this. Can > >> > anybody see a reason for asking for tags on these two elements > >> > other than > >> completeness? > >> > I.e. does anybody have a place where it would make sense to use = the > >> > pre-defined tags rather than knowing either a key or key set is = in > >> > this location (it is possible to distinguish between the two = items > >> > based on the an array vs map tag.) > >> > > >> > > >> > Jim > >> > > >> > > >> > _______________________________________________ > >> > COSE mailing list > >> > COSE@ietf.org > >> > https://www.ietf.org/mailman/listinfo/cose > >> > > > > > _______________________________________________ > > COSE mailing list > > COSE@ietf.org > > https://www.ietf.org/mailman/listinfo/cose From nobody Fri Apr 7 09:14:49 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F20C5127863 for ; Fri, 7 Apr 2017 09:14:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K40gfHw9eW5G for ; Fri, 7 Apr 2017 09:14:45 -0700 (PDT) Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C762E124282 for ; Fri, 7 Apr 2017 09:14:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id v37GEDkm004030; Fri, 7 Apr 2017 18:14:13 +0200 (CEST) Received: from [192.168.217.124] (p5DCCCDC2.dip0.t-ipconnect.de [93.204.205.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3w04QX6cymzDHDD; Fri, 7 Apr 2017 18:14:12 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Carsten Bormann In-Reply-To: Date: Fri, 7 Apr 2017 18:14:12 +0200 Cc: cose , Jim Schaad X-Mao-Original-Outgoing-Id: 513274452.344579-3cdfb38334bbb4e88a5fa5b15e935e7f Content-Transfer-Encoding: quoted-printable Message-Id: <507AF7D7-6060-4D8A-A4E8-502C82D5CC50@tzi.org> References: <08eb01d103c8$3deade00$b9c09a00$@augustcellars.com> <561A2C9B.5060104@tzi.org> <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> To: Renzo Navas X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [COSE] Assigning CBOR tags to key structures X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2017 16:14:48 -0000 Hi Renzo, where would you put such a tag? Starting the encoded CBOR with a tag would amount to a magic number = unless the media type already indicates that this is CBOR-encoded. But = then it could indicate that this is a application/cose-key in the first = place (Content-Format 101): = https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#con= tent-formats Gr=C3=BC=C3=9Fe, Carsten From nobody Mon Apr 17 16:57:55 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C169126C2F for ; Mon, 17 Apr 2017 16:57:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7 X-Spam-Level: X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BVo3mTq7KnkO for ; Mon, 17 Apr 2017 16:57:50 -0700 (PDT) Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88F0F124D68 for ; Mon, 17 Apr 2017 16:57:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1492473470; x=1524009470; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=VUaP9e5V+aIs69OvyWKFOwxmAHEB18oXI7XqLEUIG8o=; b=ZeS9ryC6LKRtxHmVVhY4epASCam3HzDH/pbHDNWNA8oB4hoE7uZ+iikh sdVTzjOQmwUdbDas741HFfYQ2zSzcaibc1ssNlDX+K3+hy2hphlVBEjOR sYs81FR8kjZvUEaHKIx9tc37F8kjmmC5aby4ab0OfeheBkl9K1+TMfVU5 0=; X-IronPort-AV: E=Sophos;i="5.37,217,1488873600"; d="scan'208,217";a="374855393" Received: from unknown (HELO Ironmsg03-R.qualcomm.com) ([10.53.140.107]) by wolverine02.qualcomm.com with ESMTP; 17 Apr 2017 16:57:49 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8501"; a="1349588358" X-MGA-submission: =?us-ascii?q?MDGPpJ1p7SFcsirGEH3VWJmSTH8ONoDvfWZ5o3?= =?us-ascii?q?8bVemFWOzbtSVTelvB8S7rroYnCio8EgK5iPaYDIsksOidZ9N5gWGbTy?= =?us-ascii?q?VlWppNRo1KFRsWfcavLHeI0aT2QIrIg/QKMWWXS0QQvhn5uauTIQ76HN?= =?us-ascii?q?2M?= Received: from nasanexm01d.na.qualcomm.com ([10.85.0.84]) by Ironmsg03-R.qualcomm.com with ESMTP/TLS/RC4-SHA; 17 Apr 2017 16:57:49 -0700 Received: from NASANEXM01B.na.qualcomm.com (10.85.0.82) by NASANEXM01D.na.qualcomm.com (10.85.0.84) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 17 Apr 2017 16:57:48 -0700 Received: from NASANEXM01B.na.qualcomm.com ([10.85.0.82]) by NASANEXM01B.na.qualcomm.com ([10.85.0.82]) with mapi id 15.00.1178.000; Mon, 17 Apr 2017 16:57:48 -0700 From: Laurence Lundblade To: Samuel Erdtman CC: Jim Schaad , cose Thread-Topic: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt Thread-Index: AQHSUE9n8gqDeU8N0UWR0TVip3PpF6HLgYAA Date: Mon, 17 Apr 2017 23:57:48 +0000 Message-ID: References: <147987163959.30322.14158962529156430503.idtracker@ietfa.amsl.com> <004901d24546$8e76bfe0$ab643fa0$@augustcellars.com> <9CE238FE-6AF0-458D-A1C7-B790870323D3@qti.qualcomm.com> <06e701d24f77$8d438280$a7ca8780$@augustcellars.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.80.80.8] Content-Type: multipart/alternative; boundary="_000_BB0F527AE061427DAA0BC5CDDE4B9A76qtiqualcommcom_" MIME-Version: 1.0 Archived-At: Subject: Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2017 23:57:53 -0000 --_000_BB0F527AE061427DAA0BC5CDDE4B9A76qtiqualcommcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SXTigJlzIGJlZW4gYSB3aGlsZSwgYnV0IEkgaGF2ZSBhbm90aGVyIHNjZW5hcmlvLg0KDQpMZXTi gJlzIHNheSB0aGUga2V5IHBhaXIgaXMgZ2VuZXJhdGVkIG9uIGEgZGV2aWNlLCBidXQgdGhlIGNl cnRpZmljYXRlIGlzIG5vdCBvbiB0aGUgZGV2aWNlIGJlY2F1c2UgdGhlIGRldmljZSBpcyB2ZXJ5 IGNvbnN0cmFpbmVkIG9yIHRoZXJlIGFyZSBvdGhlciBjb25zaWRlcmF0aW9ucy4gIFRoZSBjZXJ0 aWZpY2F0ZSBpcyB0byBiZSBwaWNrZWQgdXAgZnJvbSBhIHNlcnZlciBvciBzb21lIG90aGVyIHBh cnQgb2YgdGhlIHN5c3RlbSBpbmZyYXN0cnVjdHVyZS4NCg0KSW4gdGhhdCBjYXNlIGlkZW50aWZ5 aW5nIHRoZSBjZXJ0aWZpY2F0ZSBieSB0aGUgcHVibGljIGtleSBvciBzb21lIGRlcml2YXRpb24g b2YgdGhlIHB1YmxpYyBrZXkgaXMgdmVyeSBoZWxwZnVsLiAgU3ViamVjdCBLZXkgSUQgZnJvbSBS RkMgNTI4MCBzZWN0aW9uIDQuMi4xLjIgc2VlbXMgZXhhY3RseSB0aGUgcmlnaHQgdGhpbmcuIFRo ZSBwYXJhbWV0ZXIgbmFtZSBjb3VsZCBiZSDigJx4NWnigJ0gb3Ig4oCceDVza2nigJ0uDQoNCkZv ciBmdWxsIGFuZCBzdGFuZGFyZGl6ZWQgaW50ZXJvcCwgd2Ugd291bGQgaGF2ZSB0byBnbyBvbmUg c3RlcCBmdXJ0aGVyIHRoYW4gUkZDIDUyODAgYW5kIFJGQyA3MDkzIHRvIGZvcm1hbGx5IGRlZmlu ZSB0aGUgaG93IHRoZSBTdWJqZWN0IEtleSBJRCBpcyBjcmVhdGVkIGZyb20gdGhlIGtleSBpdHNl bGYuICBSRkMgNTI4MCBvbmx5IGdpdmVzIOKAnGNvbW1vbiBtZXRob2Rz4oCdLg0KDQpMTA0KDQoN Cg0KT24gRGVjIDYsIDIwMTYsIGF0IDEwOjAxIFBNLCBTYW11ZWwgRXJkdG1hbiA8c2FtdWVsQGVy ZHRtYW4uc2U8bWFpbHRvOnNhbXVlbEBlcmR0bWFuLnNlPj4gd3JvdGU6DQoNCkhpIEppbSwNCg0K SSB0aGluayB3ZSBzaG91bGQgbmFtZSB0aGUgcGFyYW1ldGVycyBkaWZmZXJlbnRseSB4NXQsIHg1 YyBhbmQgeDV1IGFyZSB1c2VkIGluIEpPU0Ugd2l0aCBzbGlnaHRseSBkaWZmZXJlbnQgc2VtYW50 aWMuIFRoaXMgd291bGQgYmUgc2ltaWxhciB0byB0aGUgImNvbnRlbnQgdHlwZSIgaW4gdGhlIENP U0Ugc3BlY2lmaWNhdGlvbiB3aGVyZSBjdHkgaXMgbm90IHVzZWQuDQpTaW5jZSB0aGUgbmFtZXMg YXJlIG5vdCBpbmNsdWRlZCBpbiB0aGUgZW5jb2RlZCBtZXNzYWdlIGl0IG1pZ2h0IG1ha2Ugc2Vu c2UgdG8gbmFtZSB0aGVtOg0KKiB4NTA5IENlcnRpZmljYXRlIFRodW1icHJpbnQNCiogeDUwOSBD ZXJ0aWZpY2F0ZSBDaGFpbg0KKiB4NTA5IENlcnRpZmljYXRlIFVSTA0KDQovL1NhbXVlbA0KDQpP biBUdWUsIERlYyA2LCAyMDE2IGF0IDU6MTYgQU0sIEppbSBTY2hhYWQgPGlldGZAYXVndXN0Y2Vs bGFycy5jb208bWFpbHRvOmlldGZAYXVndXN0Y2VsbGFycy5jb20+PiB3cm90ZToNClRoYW5rcyBm b3IgaW5wdXQsIGl0IGlzIHNvbWV0aGluZyB0aGF0IG5vYm9keSBlbHNlIGhhcyBhY3R1YWxseSBn aXZlbiB5ZXQuDQoNCkkgY291bGQgZWFzaWx5IGdldCBiZWhpbmQgdGhlIGlkZWEgb2YgbW92aW5n IHRvIHR3byBkaWZmZXJlbnQgaGVhZGVycywgb25lIGZvciBvcmRlcmVkIGFuZCBvbmUgZm9yIGEg YmFnLiAgSSBkb27igJl0IHRoaW5rIHRoYXQgdGhlcmUgd291bGQgYmUgYSBodWdlIHByb2JsZW0g d2l0aCBhc3NpZ25pbmcgdGhlIG11bHRpcGxlIGNvZGUgcG9pbnRzLg0KDQpJIGRvbuKAmXQga25v dyBob3cgY29tbW9uL3VuY29tbW9uIGl0IGlzIGZvciBmaWVsZHMgdG8gYWxsb3cgbXVsdGlwbGUg dHlwZXMuICBJIGRvIGtub3cgdGhhdCB0aGUgQ09TRSBzcGVjIGRvZXMgaXQgaW4gYSBjb3VwbGUg b2YgcGxhY2VzLCBhbHRob3VnaCBtb3N0IG9mIHRoZW0gY2FuIGJlIGlnbm9yZWQgYXQgdGhpcyBw b2ludCBpbiB0aW1lLiAgUGVyc29uYWxseSwgSSBkb27igJl0IGZpbmQgdGhlIGNvZGUgdG8gc3Vw cG9ydCB0aGF0IGZlYXR1cmUgdG8gYmUgdmVyeSBkaWZmaWN1bHQgYW5kIGFyZ3VlZCB0aGF0IGFz IHBhcnQgb2YgdGhlIEpPU0UgZWZmb3J0IHdoZW4gdGhlIHNhbWUgdG9waWMgd2FzIGRpc2N1c3Nl ZC4NCg0KV2hpbGUgaXQgZG9lcyBub3QgZXhwbGljaXRseSBzYXkgdGhhdCBpbiBDT1NFLCBteSBh c3N1bXB0aW9uIHdhcyBhbHdheXMgdGhhdCDigJhraWTigJkgb25seSBpZGVudGlmaWVkIENPU0Ug YmFzZWQga2V5cy4gIEkgdGhpbmsgdGhhdCBpcyBwcm9iYWJseSBhbiBpbnZhbGlkIGFzc3VtcHRp b24uICBJIHdvdWxkIGhvd2V2ZXIgZXhwZWN0IHRoYXQgaWYgYW4gZXhwbGljaXQga2V5IGlzIGdp dmVuIGluIHRoZSBmb3JtIGEgY2VydGlmaWNhdGUgdGhlbiBhIGtpZCB3b3VsZCBub3QgbmVlZCB0 byBiZSBwcmVzZW50LiAgQW4gYXBwbGljYXRpb24gaG93ZXZlciBjb3VsZCBzdGF0ZSB0aGF0IGEg a2lkIGNvdWxkIGJlIHRoZSBzcGtpIHZhbHVlIGZyb20gYSBjZXJ0aWZpY2F0ZSBzbyB0aGF0IGl0 IGNvdWxkIGJlIHVzZWQgdG8gZmluZCBjZXJ0aWZpY2F0ZXMgaWYgZGVzaXJlZC4gSeKAmWxsIG1h a2UgYSBjb21tZW50IHRvIG15c2VsZiBvbiB0aGF0Lg0KDQpNb3JlIGNvbW1lbnRzIGZyb20gZXZl cnlib2R5IGFib3V0IHdoYXQgaXMgZ29vZCBhbmQgYmFkIGFyZSB3YW50ZWQuDQoNCkppbQ0KDQoN CkZyb206IEx1bmRibGFkZSwgTGF1cmVuY2UgW21haWx0bzpsbHVuZGJsYUBxdGkucXVhbGNvbW0u Y29tPG1haWx0bzpsbHVuZGJsYUBxdGkucXVhbGNvbW0uY29tPl0NClNlbnQ6IE1vbmRheSwgRGVj ZW1iZXIgMDUsIDIwMTYgNjoyMSBQTQ0KVG86IFNhbXVlbCBFcmR0bWFuIDxzYW11ZWxAZXJkdG1h bi5zZTxtYWlsdG86c2FtdWVsQGVyZHRtYW4uc2U+Pg0KQ2M6IEppbSBTY2hhYWQgPGlldGZAYXVn dXN0Y2VsbGFycy5jb208bWFpbHRvOmlldGZAYXVndXN0Y2VsbGFycy5jb20+PjsgY29zZSA8Y29z ZUBpZXRmLm9yZzxtYWlsdG86Y29zZUBpZXRmLm9yZz4+DQpTdWJqZWN0OiBSZTogW0NPU0VdIE5l dyBWZXJzaW9uIE5vdGlmaWNhdGlvbiBmb3IgZHJhZnQtc2NoYWFkLWNvc2UteDUwOS0wMC50eHQN Cg0KU29ycnkgZm9yIHRoZSBkZWxheWVkIHJlc3BvbnNlIGFuZCB0aGFua3MgZm9yIHRoZSBkcmFm dC4NCg0KVGhlIG9yZGVyIGRlZmluaXRpdmUgY2hhaW4gb3B0aW9uIGZvciB4NWMgbG9va3MgcHJl dHR5IGdvb2QuIEhvdyBkb2VzIHRoZSBraWQgcGFyYW1ldGVyIGNvbWUgaW50byBwbGF5PyBJcyB4 NWMgaW4gbGlldSBvZiBraWQ/ICBTZWVtcyBsaWtlIGl0IHdvdWxkIGJlLg0KDQpJcyBpdCB1c3Vh bCB0byBoYXZlIHRoZSBkYXRhIHR5cGUgLyBzZW1hbnRpY3MgdmFyeSBmb3Igc29tZSBDQk9SIGxp a2UgeDVjPyBIYXZlbuKAmXQgcnVuIGludG8gYW55IENCT1IgbGlrZSB0aGF0IGJlZm9yZS4gIFdv dWxkIGl0IGJlIGJldHRlciB0byBoYXZlIGFuIHg1Y2IgKGIgZm9yIGJhZykgYW5kIGFuIHg1Y28g KG8gZm9yIG9yZGVyZWQpLg0KDQpUaGFua3MhDQoNCkxMDQoNCg0KDQoNCg0KT24gTm92IDIzLCAy MDE2LCBhdCAxMDo0MyBQTSwgU2FtdWVsIEVyZHRtYW4gPHNhbXVlbEBlcmR0bWFuLnNlPG1haWx0 bzpzYW11ZWxAZXJkdG1hbi5zZT4+IHdyb3RlOg0KDQoNCkxvb2tzIGxpa2UgYSBnb29kIHN0YXJ0 IHRvIG1lLg0KTGF1cmVuY2Ugd2hhdCBkbyB5b3UgdGhpbms/DQovL1NhbXVlbA0KDQpPbiBXZWQs IE5vdiAyMywgMjAxNiBhdCA2OjAwIEFNLCBKaW0gU2NoYWFkIDxpZXRmQGF1Z3VzdGNlbGxhcnMu Y29tPG1haWx0bzppZXRmQGF1Z3VzdGNlbGxhcnMuY29tPj4gd3JvdGU6DQpUaGlzIGlzIGEgcm91 Z2ggZHJhZnQgb2Ygd2hhdCBhIHNldCBvZiBYLjUwOSBoZWFkZXJzIGNvdWxkIGxvb2sgbGlrZS4g IFRoZXJlIGlzIGxvdHMgb2YgdGhpbmdzIHRoYXQgYXJlIGluY29tcGxldGUgb3IgbWlzc2luZywg YnV0IEkgc2FpZCBJIHdvdWxkIHdyaXRlIHVwIGEgZmFzdCB2ZXJzaW9uIGZvciBwZW9wbGUgdG8g bG9vayBhdCBzbyBoZXJlIGl0IGlzLg0KDQpJZiB5b3UgYXJlIGludGVyZXN0ZWQsIHBsZWFzZSBj b21tZW50IG9uIHRoZSBoZWFkZXJzLiAgVGhlIHBvaW50ZXIgdG8gdGhlIGdpdGh1YiByZXBvc2l0 b3J5IGlzIGluIHRoZSBkb2N1bWVudC4NCg0KSmltDQoNCg0KPiAtLS0tLU9yaWdpbmFsIE1lc3Nh Z2UtLS0tLQ0KPiBGcm9tOiBpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc8bWFpbHRvOmludGVybmV0 LWRyYWZ0c0BpZXRmLm9yZz4gW21haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc8bWFpbHRv OmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZz5dDQo+IFNlbnQ6IFR1ZXNkYXksIE5vdmVtYmVyIDIy LCAyMDE2IDc6MjcgUE0NCj4gVG86IEppbSBTY2hhYWQgPGlldGZAYXVndXN0Y2VsbGFycy5jb208 bWFpbHRvOmlldGZAYXVndXN0Y2VsbGFycy5jb20+Pg0KPiBTdWJqZWN0OiBOZXcgVmVyc2lvbiBO b3RpZmljYXRpb24gZm9yIGRyYWZ0LXNjaGFhZC1jb3NlLXg1MDktMDAudHh0DQo+DQo+DQo+IEEg bmV3IHZlcnNpb24gb2YgSS1ELCBkcmFmdC1zY2hhYWQtY29zZS14NTA5LTAwLnR4dCBoYXMgYmVl biBzdWNjZXNzZnVsbHkNCj4gc3VibWl0dGVkIGJ5IEppbSBTY2hhYWQgYW5kIHBvc3RlZCB0byB0 aGUgSUVURiByZXBvc2l0b3J5Lg0KPg0KPiBOYW1lOiAgICAgICAgIGRyYWZ0LXNjaGFhZC1jb3Nl LXg1MDkNCj4gUmV2aXNpb246ICAgICAwMA0KPiBUaXRsZTogICAgICAgICAgICAgICAgQ0JPUiBF bmNvZGVkIE1lc3NhZ2UgU3ludGF4IChDT1NFKTogSGVhZGVycyBmb3IgY2FycnlpbmcNCj4gYW5k IHJlZmVyZW5jaW5nIFguNTA5IGNlcnRpZmljYXRlcw0KPiBEb2N1bWVudCBkYXRlOiAgICAgICAg MjAxNi0xMS0yMg0KPiBHcm91cDogICAgICAgICAgICAgICAgSW5kaXZpZHVhbCBTdWJtaXNzaW9u DQo+IFBhZ2VzOiAgICAgICAgICAgICAgICA2DQo+IFVSTDogICAgICAgICAgICBodHRwczovL3d3 dy5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvZHJhZnQtc2NoYWFkLWNvc2UteDUwOS0wMC50eHQN Cj4gU3RhdHVzOiAgICAgICAgIGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0 LXNjaGFhZC1jb3NlLXg1MDkvDQo+IEh0bWxpemVkOiAgICAgICBodHRwczovL3Rvb2xzLmlldGYu b3JnL2h0bWwvZHJhZnQtc2NoYWFkLWNvc2UteDUwOS0wMA0KPg0KPg0KPiBBYnN0cmFjdDoNCj4g ICAgVGhpcyBkb2N1bWVudCBkZWZpbmVzIHRoZSBoZWFkZXJzIGFuZCB1c2FnZSBmb3IgcmVmZXJy aW5nIHRvIGFuZA0KPiAgICB0cmFuc3BvcnRpbmcgWC41MDkgY2VydGlmaWNhdGVzIGluIHRoZSBD Qk9SIEVuY29kZWQgTWVzc2FnZSAoQ09TRSkNCj4gICAgU3ludGF4Lg0KPg0KPiBDb250cmlidXRp bmcgdG8gdGhpcyBkb2N1bWVudA0KPg0KPiAgICBUaGUgc291cmNlIGZvciB0aGlzIGRyYWZ0IGlz IGJlaW5nIG1haW50YWluZWQgaW4gR2l0SHViLiAgU3VnZ2VzdGVkDQo+ICAgIGNoYW5nZXMgc2hv dWxkIGJlIHN1Ym1pdHRlZCBhcyBwdWxsIHJlcXVlc3RzIGF0IDxodHRwczovL2dpdGh1Yi5jb20v DQo+ICAgIGNvc2Utd2cvWDUwOT4uICBJbnN0cnVjdGlvbnMgYXJlIG9uIHRoYXQgcGFnZSBhcyB3 ZWxsLiAgRWRpdG9yaWFsDQo+ICAgIGNoYW5nZXMgY2FuIGJlIG1hbmFnZWQgaW4gR2l0SHViLCBi dXQgYW55IHN1YnN0YW50aWFsIGlzc3VlcyBuZWVkIHRvDQo+ICAgIGJlIGRpc2N1c3NlZCBvbiB0 aGUgQ09TRSBtYWlsaW5nIGxpc3QuDQo+DQo+DQo+DQo+DQo+IFBsZWFzZSBub3RlIHRoYXQgaXQg bWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb24N Cj4gdW50aWwgdGhlIGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCB0 b29scy5pZXRmLm9yZzxodHRwOi8vdG9vbHMuaWV0Zi5vcmcvPi4NCj4NCj4gVGhlIElFVEYgU2Vj cmV0YXJpYXQNCg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXw0KQ09TRSBtYWlsaW5nIGxpc3QNCkNPU0VAaWV0Zi5vcmc8bWFpbHRvOkNPU0VAaWV0Zi5v cmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Nvc2UNCg0KDQoNCl9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpDT1NFIG1haWxp bmcgbGlzdA0KQ09TRUBpZXRmLm9yZzxtYWlsdG86Q09TRUBpZXRmLm9yZz4NCmh0dHBzOi8vd3d3 LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vY29zZQ0KDQoNCg0K --_000_BB0F527AE061427DAA0BC5CDDE4B9A76qtiqualcommcom_ Content-Type: text/html; charset="utf-8" Content-ID: <700527E00C389F4EAE1916C5DA22CF08@qualcomm.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0id29yZC13cmFw OiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVh azogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SXTigJlzIGJl ZW4gYSB3aGlsZSwgYnV0IEkgaGF2ZSBhbm90aGVyIHNjZW5hcmlvLjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+TGV04oCZcyBzYXkgdGhl IGtleSBwYWlyIGlzIGdlbmVyYXRlZCBvbiBhIGRldmljZSwgYnV0IHRoZSBjZXJ0aWZpY2F0ZSBp cyBub3Qgb24gdGhlIGRldmljZSBiZWNhdXNlIHRoZSBkZXZpY2UgaXMgdmVyeSBjb25zdHJhaW5l ZCBvciB0aGVyZSBhcmUgb3RoZXIgY29uc2lkZXJhdGlvbnMuICZuYnNwO1RoZSBjZXJ0aWZpY2F0 ZSBpcyB0byBiZSBwaWNrZWQgdXAgZnJvbSBhIHNlcnZlciBvciBzb21lIG90aGVyIHBhcnQgb2Yg dGhlIHN5c3RlbQ0KIGluZnJhc3RydWN0dXJlLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xh c3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SW4gdGhhdCBjYXNlIGlkZW50aWZ5aW5nIHRo ZSBjZXJ0aWZpY2F0ZSBieSB0aGUgcHVibGljIGtleSBvciBzb21lIGRlcml2YXRpb24gb2YgdGhl IHB1YmxpYyBrZXkgaXMgdmVyeSBoZWxwZnVsLiAmbmJzcDtTdWJqZWN0IEtleSBJRCBmcm9tIFJG QyA1MjgwIHNlY3Rpb24gNC4yLjEuMiBzZWVtcyBleGFjdGx5IHRoZSByaWdodCB0aGluZy4gVGhl IHBhcmFtZXRlciBuYW1lIGNvdWxkIGJlIOKAnHg1aeKAnSBvciDigJx4NXNraeKAnS4mbmJzcDs8 L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIi PkZvciBmdWxsIGFuZCBzdGFuZGFyZGl6ZWQgaW50ZXJvcCwgd2Ugd291bGQgaGF2ZSB0byBnbyBv bmUgc3RlcCBmdXJ0aGVyIHRoYW4gUkZDIDUyODAgYW5kIFJGQyA3MDkzIHRvIGZvcm1hbGx5IGRl ZmluZSB0aGUgaG93IHRoZSBTdWJqZWN0IEtleSBJRCBpcyBjcmVhdGVkIGZyb20gdGhlIGtleSBp dHNlbGYuICZuYnNwO1JGQyA1MjgwIG9ubHkgZ2l2ZXMg4oCcY29tbW9uIG1ldGhvZHPigJ0uJm5i c3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj5MTDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNz PSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9u IERlYyA2LCAyMDE2LCBhdCAxMDowMSBQTSwgU2FtdWVsIEVyZHRtYW4gJmx0OzxhIGhyZWY9Im1h aWx0bzpzYW11ZWxAZXJkdG1hbi5zZSIgY2xhc3M9IiI+c2FtdWVsQGVyZHRtYW4uc2U8L2E+Jmd0 OyB3cm90ZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8 ZGl2IGNsYXNzPSIiPg0KPGRpdiBkaXI9Imx0ciIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBjbGFzcz0iIj5IaSBKaW0sPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQpJIHRoaW5rIHdlIHNob3VsZCBuYW1lIHRoZSBwYXJhbWV0ZXJzIGRpZmZlcmVudGx5IHg1dCwg eDVjIGFuZCB4NXUgYXJlIHVzZWQgaW4gSk9TRSB3aXRoIHNsaWdodGx5IGRpZmZlcmVudCBzZW1h bnRpYy4gVGhpcyB3b3VsZCBiZSBzaW1pbGFyIHRvIHRoZSAmcXVvdDtjb250ZW50IHR5cGUmcXVv dDsgaW4gdGhlIENPU0Ugc3BlY2lmaWNhdGlvbiB3aGVyZSBjdHkgaXMgbm90IHVzZWQuPGJyIGNs YXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlNpbmNlIHRoZSBuYW1lcyBhcmUgbm90IGlu Y2x1ZGVkIGluIHRoZSBlbmNvZGVkIG1lc3NhZ2UgaXQgbWlnaHQgbWFrZSBzZW5zZSB0byBuYW1l IHRoZW06PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogeDUwOSBDZXJ0aWZp Y2F0ZSBUaHVtYnByaW50PGJyIGNsYXNzPSIiPg0KKiB4NTA5IENlcnRpZmljYXRlIENoYWluPGJy IGNsYXNzPSIiPg0KKiB4NTA5IENlcnRpZmljYXRlIFVSTDxiciBjbGFzcz0iIj4NCjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCi8vU2FtdWVsPGJyIGNsYXNzPSIi Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+PGJyIGNsYXNzPSIiPg0KPGRpdiBj bGFzcz0iZ21haWxfcXVvdGUiPk9uIFR1ZSwgRGVjIDYsIDIwMTYgYXQgNToxNiBBTSwgSmltIFNj aGFhZCA8c3BhbiBkaXI9Imx0ciIgY2xhc3M9IiI+DQombHQ7PGEgaHJlZj0ibWFpbHRvOmlldGZA YXVndXN0Y2VsbGFycy5jb20iIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5pZXRmQGF1Z3VzdGNl bGxhcnMuY29tPC9hPiZndDs8L3NwYW4+IHdyb3RlOjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3Rl IGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2JvcmRlci1sZWZ0 OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPg0KPGRpdiBsaW5rPSJibHVlIiB2bGlu az0icHVycGxlIiBsYW5nPSJFTi1VUyIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJtXzQ0NzI5OTE4 Njk2MTgxMzg4NldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt c2VyaWYiIGNsYXNzPSIiPlRoYW5rcyBmb3IgaW5wdXQsIGl0IGlzIHNvbWV0aGluZyB0aGF0IG5v Ym9keSBlbHNlIGhhcyBhY3R1YWxseSBnaXZlbiB5ZXQuPHUgY2xhc3M9IiI+PC91Pjx1IGNsYXNz PSIiPjwvdT48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm IiBjbGFzcz0iIj48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91Pjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNsYXNzPSIiPkkgY291 bGQgZWFzaWx5IGdldCBiZWhpbmQgdGhlIGlkZWEgb2YgbW92aW5nIHRvIHR3byBkaWZmZXJlbnQg aGVhZGVycywgb25lIGZvciBvcmRlcmVkIGFuZCBvbmUgZm9yIGEgYmFnLiZuYnNwOyBJIGRvbuKA mXQgdGhpbmsgdGhhdCB0aGVyZSB3b3VsZCBiZSBhIGh1Z2UgcHJvYmxlbSB3aXRoIGFzc2lnbmlu Zw0KIHRoZSBtdWx0aXBsZSBjb2RlIHBvaW50cy48dSBjbGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+ PC91Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNs YXNzPSIiPjx1IGNsYXNzPSIiPjwvdT4mbmJzcDs8dSBjbGFzcz0iIj48L3U+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiIgY2xhc3M9IiI+SSBkb27igJl0 IGtub3cgaG93IGNvbW1vbi91bmNvbW1vbiBpdCBpcyBmb3IgZmllbGRzIHRvIGFsbG93IG11bHRp cGxlIHR5cGVzLiZuYnNwOyBJIGRvIGtub3cgdGhhdCB0aGUgQ09TRSBzcGVjIGRvZXMgaXQgaW4g YSBjb3VwbGUgb2YgcGxhY2VzLCBhbHRob3VnaCBtb3N0IG9mIHRoZW0gY2FuIGJlDQogaWdub3Jl ZCBhdCB0aGlzIHBvaW50IGluIHRpbWUuJm5ic3A7IFBlcnNvbmFsbHksIEkgZG9u4oCZdCBmaW5k IHRoZSBjb2RlIHRvIHN1cHBvcnQgdGhhdCBmZWF0dXJlIHRvIGJlIHZlcnkgZGlmZmljdWx0IGFu ZCBhcmd1ZWQgdGhhdCBhcyBwYXJ0IG9mIHRoZSBKT1NFIGVmZm9ydCB3aGVuIHRoZSBzYW1lIHRv cGljIHdhcyBkaXNjdXNzZWQuPHUgY2xhc3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIiBjbGFzcz0iIj48dSBj bGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNsYXNzPSIiPldoaWxlIGl0IGRvZXMgbm90IGV4 cGxpY2l0bHkgc2F5IHRoYXQgaW4gQ09TRSwgbXkgYXNzdW1wdGlvbiB3YXMgYWx3YXlzIHRoYXQg 4oCYa2lk4oCZIG9ubHkgaWRlbnRpZmllZCBDT1NFIGJhc2VkIGtleXMuJm5ic3A7IEkgdGhpbmsg dGhhdCBpcyBwcm9iYWJseSBhbiBpbnZhbGlkIGFzc3VtcHRpb24uJm5ic3A7DQogSSB3b3VsZCBo b3dldmVyIGV4cGVjdCB0aGF0IGlmIGFuIGV4cGxpY2l0IGtleSBpcyBnaXZlbiBpbiB0aGUgZm9y bSBhIGNlcnRpZmljYXRlIHRoZW4gYSBraWQgd291bGQgbm90IG5lZWQgdG8gYmUgcHJlc2VudC4m bmJzcDsgQW4gYXBwbGljYXRpb24gaG93ZXZlciBjb3VsZCBzdGF0ZSB0aGF0IGEga2lkIGNvdWxk IGJlIHRoZSBzcGtpIHZhbHVlIGZyb20gYSBjZXJ0aWZpY2F0ZSBzbyB0aGF0IGl0IGNvdWxkIGJl IHVzZWQgdG8gZmluZCBjZXJ0aWZpY2F0ZXMNCiBpZiBkZXNpcmVkLiBJ4oCZbGwgbWFrZSBhIGNv bW1lbnQgdG8gbXlzZWxmIG9uIHRoYXQuPHUgY2xhc3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48 L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIiBjbGFzcz0i Ij48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91Pjwvc3Bhbj48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls eTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNsYXNzPSIiPk1vcmUgY29tbWVudHMg ZnJvbSBldmVyeWJvZHkgYWJvdXQgd2hhdCBpcyBnb29kIGFuZCBiYWQgYXJlIHdhbnRlZC48dSBj bGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+PC91Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp YnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNsYXNzPSIiPjx1IGNsYXNzPSIiPjwvdT4mbmJzcDs8dSBj bGFzcz0iIj48L3U+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z ZXJpZiIgY2xhc3M9IiI+SmltPHUgY2xhc3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48L3NwYW4+ PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7 Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIiBjbGFzcz0iIj48dSBj bGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiIGNsYXNzPSIiPjx1IGNsYXNzPSIiPjwvdT4mbmJz cDs8dSBjbGFzcz0iIj48L3U+PC9zcGFuPjwvcD4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2Jv cmRlci1sZWZ0OnNvbGlkIGJsdWUgMS41cHQ7cGFkZGluZzowaW4gMGluIDBpbiA0LjBwdCIgY2xh c3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLXRv cDpzb2xpZCAjZTFlMWUxIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iIGNsYXNzPSIi Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6 ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIiBjbGFz cz0iIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIiBjbGFzcz0iIj4gTHVuZGJsYWRl LCBMYXVyZW5jZSBbbWFpbHRvOjxhIGhyZWY9Im1haWx0bzpsbHVuZGJsYUBxdGkucXVhbGNvbW0u Y29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+bGx1bmRibGFAcXRpLnF1YWxjb21tLjx3YnIg Y2xhc3M9IiI+Y29tPC9hPl0NCjxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPlNlbnQ6PC9iPiBN b25kYXksIERlY2VtYmVyIDA1LCAyMDE2IDY6MjEgUE08YnIgY2xhc3M9IiI+DQo8YiBjbGFzcz0i Ij5Ubzo8L2I+IFNhbXVlbCBFcmR0bWFuICZsdDs8YSBocmVmPSJtYWlsdG86c2FtdWVsQGVyZHRt YW4uc2UiIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5zYW11ZWxAZXJkdG1hbi5zZTwvYT4mZ3Q7 PGJyIGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+Q2M6PC9iPiBKaW0gU2NoYWFkICZsdDs8YSBocmVm PSJtYWlsdG86aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIi PmlldGZAYXVndXN0Y2VsbGFycy5jb208L2E+Jmd0OzsgY29zZSAmbHQ7PGEgaHJlZj0ibWFpbHRv OmNvc2VAaWV0Zi5vcmciIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5jb3NlQGlldGYub3JnPC9h PiZndDs8YnIgY2xhc3M9IiI+DQo8YiBjbGFzcz0iIj5TdWJqZWN0OjwvYj4gUmU6IFtDT1NFXSBO ZXcgVmVyc2lvbiBOb3RpZmljYXRpb24gZm9yIGRyYWZ0LXNjaGFhZC1jb3NlLXg1MDktMDAudHh0 PHUgY2xhc3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rp dj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJoNSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFs Ij48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91PjwvcD4NCjxkaXYgY2xhc3M9 IiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5Tb3JyeSBmb3IgdGhlIGRlbGF5ZWQgcmVzcG9uc2Ug YW5kIHRoYW5rcyBmb3IgdGhlIGRyYWZ0Ljx1IGNsYXNzPSIiPjwvdT48dSBjbGFzcz0iIj48L3U+ PC9wPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHUgY2xh c3M9IiI+PC91PiZuYnNwOzx1IGNsYXNzPSIiPjwvdT48L3A+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9 IiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgb3JkZXIgZGVmaW5pdGl2ZSBjaGFpbiBvcHRp b24gZm9yIHg1YyBsb29rcyBwcmV0dHkgZ29vZC4gSG93IGRvZXMgdGhlIGtpZCBwYXJhbWV0ZXIg Y29tZSBpbnRvIHBsYXk/IElzIHg1YyBpbiBsaWV1IG9mIGtpZD8mbmJzcDsgU2VlbXMgbGlrZSBp dCB3b3VsZCBiZS48dSBjbGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+PC91PjwvcD4NCjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjx1IGNsYXNzPSIiPjwvdT4mbmJz cDs8dSBjbGFzcz0iIj48L3U+PC9wPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+SXMgaXQgdXN1YWwgdG8gaGF2ZSB0aGUgZGF0YSB0eXBlIC8gc2VtYW50aWNz IHZhcnkgZm9yIHNvbWUgQ0JPUiBsaWtlIHg1Yz8gSGF2ZW7igJl0IHJ1biBpbnRvIGFueSBDQk9S IGxpa2UgdGhhdCBiZWZvcmUuJm5ic3A7IFdvdWxkIGl0IGJlIGJldHRlciB0byBoYXZlIGFuIHg1 Y2IgKGIgZm9yIGJhZykgYW5kIGFuIHg1Y28gKG8gZm9yIG9yZGVyZWQpLjx1IGNsYXNzPSIiPjwv dT48dSBjbGFzcz0iIj48L3U+PC9wPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+PHUgY2xhc3M9IiI+PC91PiZuYnNwOzx1IGNsYXNzPSIiPjwvdT48L3A+DQo8 L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGFua3MhPHUgY2xh c3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48L3A+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIj48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91 PjwvcD4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkxMPHUg Y2xhc3M9IiI+PC91Pjx1IGNsYXNzPSIiPjwvdT48L3A+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+ PC91PjwvcD4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjx1 IGNsYXNzPSIiPjwvdT4mbmJzcDs8dSBjbGFzcz0iIj48L3U+PC9wPg0KPC9kaXY+DQo8ZGl2IGNs YXNzPSIiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHUgY2xhc3M9IiI+PC91PiZuYnNwOzx1IGNs YXNzPSIiPjwvdT48L3A+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48dSBjbGFzcz0iIj48L3U+Jm5ic3A7PHUgY2xhc3M9IiI+PC91PjwvcD4NCjwvZGl2Pg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHUgY2xhc3M9IiI+PC91PiZuYnNwOzx1IGNsYXNzPSIiPjwv dT48L3A+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPk9uIE5vdiAyMywgMjAxNiwgYXQgMTA6NDMgUE0sIFNhbXVlbCBFcmR0bWFuICZsdDs8YSBo cmVmPSJtYWlsdG86c2FtdWVsQGVyZHRtYW4uc2UiIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5z YW11ZWxAZXJkdG1hbi5zZTwvYT4mZ3Q7IHdyb3RlOjx1IGNsYXNzPSIiPjwvdT48dSBjbGFzcz0i Ij48L3U+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8dSBjbGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+PC91PjwvcD4NCjxibG9j a3F1b3RlIHN0eWxlPSJtYXJnaW4tdG9wOjUuMHB0O21hcmdpbi1ib3R0b206NS4wcHQiIGNsYXNz PSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij5Mb29rcyBsaWtl IGEgZ29vZCBzdGFydCB0byBtZS48dSBjbGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+PC91PjwvcD4N CjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0 Ij5MYXVyZW5jZSB3aGF0IGRvIHlvdSB0aGluaz88dSBjbGFzcz0iIj48L3U+PHUgY2xhc3M9IiI+ PC91PjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Ly9TYW11ZWw8dSBjbGFzcz0i Ij48L3U+PHUgY2xhc3M9IiI+PC91PjwvcD4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjx1IGNsYXNzPSIiPjwvdT4mbmJzcDs8dSBjbGFzcz0iIj48L3U+PC9w Pg0KPGRpdiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIFdlZCwgTm92IDIzLCAy MDE2IGF0IDY6MDAgQU0sIEppbSBTY2hhYWQgJmx0OzxhIGhyZWY9Im1haWx0bzppZXRmQGF1Z3Vz dGNlbGxhcnMuY29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+aWV0ZkBhdWd1c3RjZWxsYXJz LmNvbTwvYT4mZ3Q7IHdyb3RlOjx1IGNsYXNzPSIiPjwvdT48dSBjbGFzcz0iIj48L3U+PC9wPg0K PGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNjY2NjY2Mg MS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4t cmlnaHQ6MGluIiBjbGFzcz0iIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoaXMgaXMgYSByb3Vn aCBkcmFmdCBvZiB3aGF0IGEgc2V0IG9mIFguNTA5IGhlYWRlcnMgY291bGQgbG9vayBsaWtlLiZu YnNwOyBUaGVyZSBpcyBsb3RzIG9mIHRoaW5ncyB0aGF0IGFyZSBpbmNvbXBsZXRlIG9yIG1pc3Np bmcsIGJ1dCBJIHNhaWQgSSB3b3VsZCB3cml0ZSB1cCBhIGZhc3QgdmVyc2lvbiBmb3IgcGVvcGxl IHRvIGxvb2sgYXQgc28gaGVyZSBpdCBpcy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJ ZiB5b3UgYXJlIGludGVyZXN0ZWQsIHBsZWFzZSBjb21tZW50IG9uIHRoZSBoZWFkZXJzLiZuYnNw OyBUaGUgcG9pbnRlciB0byB0aGUgZ2l0aHViIHJlcG9zaXRvcnkgaXMgaW4gdGhlIGRvY3VtZW50 LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkppbTxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCiZndDsgLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnIg Y2xhc3M9IiI+DQomZ3Q7IEZyb206IDxhIGhyZWY9Im1haWx0bzppbnRlcm5ldC1kcmFmdHNAaWV0 Zi5vcmciIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5pbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc8 L2E+IFttYWlsdG86PGEgaHJlZj0ibWFpbHRvOmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZyIgdGFy Z2V0PSJfYmxhbmsiIGNsYXNzPSIiPmludGVybmV0LWRyYWZ0c0BpZXRmLjx3YnIgY2xhc3M9IiI+ b3JnPC9hPl08YnIgY2xhc3M9IiI+DQomZ3Q7IFNlbnQ6IFR1ZXNkYXksIE5vdmVtYmVyIDIyLCAy MDE2IDc6MjcgUE08YnIgY2xhc3M9IiI+DQomZ3Q7IFRvOiBKaW0gU2NoYWFkICZsdDs8YSBocmVm PSJtYWlsdG86aWV0ZkBhdWd1c3RjZWxsYXJzLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIi PmlldGZAYXVndXN0Y2VsbGFycy5jb208L2E+Jmd0OzxiciBjbGFzcz0iIj4NCiZndDsgU3ViamVj dDogTmV3IFZlcnNpb24gTm90aWZpY2F0aW9uIGZvciBkcmFmdC1zY2hhYWQtY29zZS14NTA5LTAw LnR4dDxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0K Jmd0OyBBIG5ldyB2ZXJzaW9uIG9mIEktRCwgZHJhZnQtc2NoYWFkLWNvc2UteDUwOS0wMC50eHQg aGFzIGJlZW4gc3VjY2Vzc2Z1bGx5PGJyIGNsYXNzPSIiPg0KJmd0OyBzdWJtaXR0ZWQgYnkgSmlt IFNjaGFhZCBhbmQgcG9zdGVkIHRvIHRoZSBJRVRGIHJlcG9zaXRvcnkuPGJyIGNsYXNzPSIiPg0K Jmd0OzxiciBjbGFzcz0iIj4NCiZndDsgTmFtZTombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ZHJhZnQtc2NoYWFkLWNvc2UteDUwOTxiciBjbGFzcz0iIj4NCiZndDsgUmV2aXNpb246 Jm5ic3A7ICZuYnNwOyAmbmJzcDswMDxiciBjbGFzcz0iIj4NCiZndDsgVGl0bGU6Jm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBDQk9SIEVuY29k ZWQgTWVzc2FnZSBTeW50YXggKENPU0UpOiBIZWFkZXJzIGZvciBjYXJyeWluZzxiciBjbGFzcz0i Ij4NCiZndDsgYW5kIHJlZmVyZW5jaW5nIFguNTA5IGNlcnRpZmljYXRlczxiciBjbGFzcz0iIj4N CiZndDsgRG9jdW1lbnQgZGF0ZTombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgMjAxNi0xMS0y MjxiciBjbGFzcz0iIj4NCiZndDsgR3JvdXA6Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBJbmRpdmlkdWFsIFN1Ym1pc3Npb248YnIgY2xhc3M9 IiI+DQomZ3Q7IFBhZ2VzOiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7 ICZuYnNwOyAmbmJzcDsgNjxiciBjbGFzcz0iIj4NCiZndDsgVVJMOiZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IDxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL2lu dGVybmV0LWRyYWZ0cy9kcmFmdC1zY2hhYWQtY29zZS14NTA5LTAwLnR4dCIgdGFyZ2V0PSJfYmxh bmsiIGNsYXNzPSIiPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaW50ZXJuZXQtPHdiciBjbGFzcz0i Ij5kcmFmdHMvZHJhZnQtc2NoYWFkLWNvc2UteDUwOS08d2JyIGNsYXNzPSIiPjAwLnR4dDwvYT48 YnIgY2xhc3M9IiI+DQomZ3Q7IFN0YXR1czombmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7PGEgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtc2NoYWFk LWNvc2UteDUwOS8iIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5odHRwczovL2RhdGF0cmFja2Vy LmlldGYub3JnLzx3YnIgY2xhc3M9IiI+ZG9jL2RyYWZ0LXNjaGFhZC1jb3NlLXg1MDkvPC9hPjxi ciBjbGFzcz0iIj4NCiZndDsgSHRtbGl6ZWQ6Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7PGEg aHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LXNjaGFhZC1jb3NlLXg1MDkt MDAiIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5odHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwv PHdiciBjbGFzcz0iIj5kcmFmdC1zY2hhYWQtY29zZS14NTA5LTAwPC9hPjxiciBjbGFzcz0iIj4N CiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBBYnN0cmFjdDo8YnIg Y2xhc3M9IiI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyBUaGlzIGRvY3VtZW50IGRlZmluZXMgdGhlIGhl YWRlcnMgYW5kIHVzYWdlIGZvciByZWZlcnJpbmcgdG8gYW5kPGJyIGNsYXNzPSIiPg0KJmd0OyZu YnNwOyAmbmJzcDsgdHJhbnNwb3J0aW5nIFguNTA5IGNlcnRpZmljYXRlcyBpbiB0aGUgQ0JPUiBF bmNvZGVkIE1lc3NhZ2UgKENPU0UpPGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgU3lu dGF4LjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IENvbnRyaWJ1dGluZyB0 byB0aGlzIGRvY3VtZW50PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsmbmJz cDsgJm5ic3A7IFRoZSBzb3VyY2UgZm9yIHRoaXMgZHJhZnQgaXMgYmVpbmcgbWFpbnRhaW5lZCBp biBHaXRIdWIuJm5ic3A7IFN1Z2dlc3RlZDxiciBjbGFzcz0iIj4NCiZndDsmbmJzcDsgJm5ic3A7 IGNoYW5nZXMgc2hvdWxkIGJlIHN1Ym1pdHRlZCBhcyBwdWxsIHJlcXVlc3RzIGF0ICZsdDs8YSBo cmVmPSJodHRwczovL2dpdGh1Yi5jb20vIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+aHR0cHM6 Ly9naXRodWIuY29tLzwvYT48YnIgY2xhc3M9IiI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyBjb3NlLXdn L1g1MDkmZ3Q7LiZuYnNwOyBJbnN0cnVjdGlvbnMgYXJlIG9uIHRoYXQgcGFnZSBhcyB3ZWxsLiZu YnNwOyBFZGl0b3JpYWw8YnIgY2xhc3M9IiI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyBjaGFuZ2VzIGNh biBiZSBtYW5hZ2VkIGluIEdpdEh1YiwgYnV0IGFueSBzdWJzdGFudGlhbCBpc3N1ZXMgbmVlZCB0 bzxiciBjbGFzcz0iIj4NCiZndDsmbmJzcDsgJm5ic3A7IGJlIGRpc2N1c3NlZCBvbiB0aGUgQ09T RSBtYWlsaW5nIGxpc3QuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDs8YnIg Y2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgUGxl YXNlIG5vdGUgdGhhdCBpdCBtYXkgdGFrZSBhIGNvdXBsZSBvZiBtaW51dGVzIGZyb20gdGhlIHRp bWUgb2Ygc3VibWlzc2lvbjxiciBjbGFzcz0iIj4NCiZndDsgdW50aWwgdGhlIGh0bWxpemVkIHZl cnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJsZSBhdCA8YSBocmVmPSJodHRwOi8vdG9vbHMuaWV0 Zi5vcmcvIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+DQp0b29scy5pZXRmLm9yZzwvYT4uPGJy IGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgVGhlIElFVEYgU2VjcmV0YXJpYXQ8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpfX19fX19fX19fX19f X19fX19fX19fX19fX19fX188d2JyIGNsYXNzPSIiPl9fX19fX19fX19fX19fX19fPGJyIGNsYXNz PSIiPg0KQ09TRSBtYWlsaW5nIGxpc3Q8YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJtYWlsdG86Q09T RUBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIiPkNPU0VAaWV0Zi5vcmc8L2E+PGJy IGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5m by9jb3NlIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi88d2JyIGNsYXNzPSIiPmxpc3RpbmZvL2Nvc2U8L2E+PHUgY2xhc3M9IiI+PC91Pjx1IGNs YXNzPSIiPjwvdT48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjx1IGNsYXNzPSIiPjwvdT4mbmJzcDs8dSBjbGFzcz0iIj48L3U+PC9wPg0KPC9kaXY+DQo8 L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjx1IGNsYXNzPSIiPjwv dT4mbmJzcDs8dSBjbGFzcz0iIj48L3U+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f Xzx3YnIgY2xhc3M9IiI+X19fX19fX19fX19fX19fX188YnIgY2xhc3M9IiI+DQpDT1NFIG1haWxp bmcgbGlzdDxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Im1haWx0bzpDT1NFQGlldGYub3JnIiBjbGFz cz0iIj5DT1NFQGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3 LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vY29zZSIgcmVsPSJub3JlZmVycmVyIiB0YXJnZXQ9 Il9ibGFuayIgY2xhc3M9IiI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi88d2JyIGNsYXNz PSIiPmxpc3RpbmZvL2Nvc2U8L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9j a3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1 b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_BB0F527AE061427DAA0BC5CDDE4B9A76qtiqualcommcom_-- From nobody Mon Apr 17 19:22:28 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC77512940C for ; Mon, 17 Apr 2017 19:22:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WL4hK5giMi2T for ; Mon, 17 Apr 2017 19:22:21 -0700 (PDT) Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B4941277BB for ; Mon, 17 Apr 2017 19:22:21 -0700 (PDT) Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01D2B7AE.7EB158B0" Content-Language: en-us DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1492482135; h=from:subject:to:date:message-id; bh=6HoILtqR5VzU4Fgazzc/3fai4R3Vr82bCmMKtW8Vwrk=; b=Ml7hnNDoqdSxY5B0AJEJNE9yrO0BKFATO3WCVPXKVS+KnnZY3h5rL0b2P5J1ot1pIWF8q+9VRqv 2ghmOTTejiU0fL26vc9im5OVskS1lgZjBDpubJlTBLzcgjs4YFBGq48ouszb7Gt1/HL0Y+pWUvRc0 cHjKy4B9Ol+ybExQGewptK3irvjX2Zm1NnXFZraQF/q1QSv2FP1DKpXRVCr90UwaNgbDi+iSNkDC8 QZFbt2mM0MI0IDiHTsStNnTdGTWWTSShdPZq7m7pgQBGp66ngRbfZOZ7+PDu/OILLHCB9sSZtrykn ZFAhpwgdkHB6lXgF9oW0rds4Zy4Lva86m8eA== Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 17 Apr 2017 19:22:15 -0700 Received: from Hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 17 Apr 2017 19:22:10 -0700 From: Jim Schaad To: 'Laurence Lundblade' CC: 'cose' References: <147987163959.30322.14158962529156430503.idtracker@ietfa.amsl.com> <004901d24546$8e76bfe0$ab643fa0$@augustcellars.com> <9CE238FE-6AF0-458D-A1C7-B790870323D3@qti.qualcomm.com> <06e701d24f77$8d438280$a7ca8780$@augustcellars.com> In-Reply-To: Date: Mon, 17 Apr 2017 19:11:59 -0700 Message-ID: <000d01d2b7e9$2b0a6450$811f2cf0$@augustcellars.com> MIME-Version: 1.0 X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQGas+U5hOX2ZwwTfdISQ4lSrZ9yRQGKptd0AmvDM5wAeJK3ggKGVo5qAN7e8PgCx1bv7aHla7mA X-Originating-IP: [24.21.96.37] Archived-At: Subject: Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2017 02:22:25 -0000 ------=_NextPart_000_000E_01D2B7AE.7EB158B0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The problem w/ trying to define a single way to do SKI is that different = Cas are going to do it in different ways and that is always a problem. =20 If you are doing a certificate enrollment protocol, it is always = possible to return some information back to the end point that it can = use or the same purpose. It could either return a Key Id that the = client is supposed to use or it could return a hash of the certificate = as we have a way to identify that as well. =20 One of the problems for certificate based people on just using the SKI = for identifying the certificate is to make sure that there are not more = than one certificate in the world. If multiple certificates exist (see = attacker), then it is always possible that a certificate with a = different identity or set of associated attributes can be obtained when = you do the indirection. Use the hash of the certificates (even a = truncated one) makes this a much harder problem to solve. =20 I am leery of doing this because of the difficulty in doing a =E2=80=93 = this is how we do SKI and it will never change =E2=80=93 statement for = implementation. I would rather see an identifier returned as part of = the enrollment protocol when a certificate is not returned. =20 jim =20 From: Laurence Lundblade [mailto:llundbla@qti.qualcomm.com]=20 Sent: Monday, April 17, 2017 4:58 PM To: Samuel Erdtman Cc: Jim Schaad ; cose Subject: Re: [COSE] New Version Notification for = draft-schaad-cose-x509-00.txt =20 It=E2=80=99s been a while, but I have another scenario. =20 Let=E2=80=99s say the key pair is generated on a device, but the = certificate is not on the device because the device is very constrained = or there are other considerations. The certificate is to be picked up = from a server or some other part of the system infrastructure. =20 In that case identifying the certificate by the public key or some = derivation of the public key is very helpful. Subject Key ID from RFC = 5280 section 4.2.1.2 seems exactly the right thing. The parameter name = could be =E2=80=9Cx5i=E2=80=9D or =E2=80=9Cx5ski=E2=80=9D.=20 =20 For full and standardized interop, we would have to go one step further = than RFC 5280 and RFC 7093 to formally define the how the Subject Key ID = is created from the key itself. RFC 5280 only gives =E2=80=9Ccommon = methods=E2=80=9D.=20 =20 LL =20 =20 =20 On Dec 6, 2016, at 10:01 PM, Samuel Erdtman > wrote: =20 Hi Jim, I think we should name the parameters differently x5t, x5c and x5u are = used in JOSE with slightly different semantic. This would be similar to = the "content type" in the COSE specification where cty is not used. Since the names are not included in the encoded message it might make = sense to name them: * x509 Certificate Thumbprint * x509 Certificate Chain * x509 Certificate URL =20 //Samuel =20 On Tue, Dec 6, 2016 at 5:16 AM, Jim Schaad > wrote: Thanks for input, it is something that nobody else has actually given = yet. =20 I could easily get behind the idea of moving to two different headers, = one for ordered and one for a bag. I don=E2=80=99t think that there = would be a huge problem with assigning the multiple code points. =20 I don=E2=80=99t know how common/uncommon it is for fields to allow = multiple types. I do know that the COSE spec does it in a couple of = places, although most of them can be ignored at this point in time. = Personally, I don=E2=80=99t find the code to support that feature to be = very difficult and argued that as part of the JOSE effort when the same = topic was discussed. =20 While it does not explicitly say that in COSE, my assumption was always = that =E2=80=98kid=E2=80=99 only identified COSE based keys. I think = that is probably an invalid assumption. I would however expect that if = an explicit key is given in the form a certificate then a kid would not = need to be present. An application however could state that a kid could = be the spki value from a certificate so that it could be used to find = certificates if desired. I=E2=80=99ll make a comment to myself on that. =20 More comments from everybody about what is good and bad are wanted. =20 Jim =20 =20 From: Lundblade, Laurence [mailto:llundbla@qti.qualcomm.com = ]=20 Sent: Monday, December 05, 2016 6:21 PM To: Samuel Erdtman > Cc: Jim Schaad = >; cose > Subject: Re: [COSE] New Version Notification for = draft-schaad-cose-x509-00.txt =20 Sorry for the delayed response and thanks for the draft. =20 The order definitive chain option for x5c looks pretty good. How does = the kid parameter come into play? Is x5c in lieu of kid? Seems like it = would be. =20 Is it usual to have the data type / semantics vary for some CBOR like = x5c? Haven=E2=80=99t run into any CBOR like that before. Would it be = better to have an x5cb (b for bag) and an x5co (o for ordered). =20 Thanks! =20 LL =20 =20 =20 =20 =20 On Nov 23, 2016, at 10:43 PM, Samuel Erdtman > wrote: =20 Looks like a good start to me. Laurence what do you think? //Samuel =20 On Wed, Nov 23, 2016 at 6:00 AM, Jim Schaad > wrote: This is a rough draft of what a set of X.509 headers could look like. = There is lots of things that are incomplete or missing, but I said I = would write up a fast version for people to look at so here it is. If you are interested, please comment on the headers. The pointer to = the github repository is in the document. Jim > -----Original Message----- > From: internet-drafts@ietf.org = [mailto:internet-drafts@ietf.org ] > Sent: Tuesday, November 22, 2016 7:27 PM > To: Jim Schaad = > > Subject: New Version Notification for draft-schaad-cose-x509-00.txt > > > A new version of I-D, draft-schaad-cose-x509-00.txt has been = successfully > submitted by Jim Schaad and posted to the IETF repository. > > Name: draft-schaad-cose-x509 > Revision: 00 > Title: CBOR Encoded Message Syntax (COSE): Headers for = carrying > and referencing X.509 certificates > Document date: 2016-11-22 > Group: Individual Submission > Pages: 6 > URL: = https://www.ietf.org/internet-drafts/draft-schaad-cose-x509-00.txt > Status: = https://datatracker.ietf.org/doc/draft-schaad-cose-x509/ > Htmlized: https://tools.ietf.org/html/draft-schaad-cose-x509-00 > > > Abstract: > This document defines the headers and usage for referring to and > transporting X.509 certificates in the CBOR Encoded Message (COSE) > Syntax. > > Contributing to this document > > The source for this draft is being maintained in GitHub. Suggested > changes should be submitted as pull requests at = cose-wg/X509>. Instructions are on that page as well. Editorial > changes can be managed in GitHub, but any substantial issues need = to > be discussed on the COSE mailing list. > > > > > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org = . > > The IETF Secretariat _______________________________________________ COSE mailing list COSE@ietf.org =20 https://www.ietf.org/mailman/listinfo/cose =20 =20 _______________________________________________ COSE mailing list COSE@ietf.org =20 https://www.ietf.org/mailman/listinfo/cose =20 =20 ------=_NextPart_000_000E_01D2B7AE.7EB158B0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

The problem = w/ trying to define a single way to do SKI is that different Cas are = going to do it in different ways and that is always a = problem.

 

If you are = doing a certificate enrollment protocol, it is always possible to return = some information back to the end point that it can use or the same = purpose.=C2=A0 It could either return a Key Id that the client is = supposed to use or it could return a hash of the certificate as we have = a way to identify that as well.

 

One of the = problems for certificate based people on just using the SKI for = identifying the certificate is to make sure that there are not more than = one certificate in the world.=C2=A0 If multiple certificates exist (see = attacker), then it is always possible that a certificate with a = different identity or set of associated attributes can be obtained when = you do the indirection.=C2=A0 Use the hash of the certificates (even a = truncated one) makes this a much harder problem to = solve.

 

I am leery = of doing this because of the difficulty in doing a =E2=80=93 this is how = we do SKI and it will never change =E2=80=93 statement for = implementation.=C2=A0 I would rather see an identifier returned as part = of the enrollment protocol when a certificate is not = returned.

 

jim

 

From:<= /b> = Laurence Lundblade [mailto:llundbla@qti.qualcomm.com]
Sent: = Monday, April 17, 2017 4:58 PM
To: Samuel Erdtman = <samuel@erdtman.se>
Cc: Jim Schaad = <ietf@augustcellars.com>; cose = <cose@ietf.org>
Subject: Re: [COSE] New Version = Notification for = draft-schaad-cose-x509-00.txt

 

It=E2=80=99s been a while, but I have another = scenario.

 

Let=E2=80=99s say the key pair is generated on a = device, but the certificate is not on the device because the device is = very constrained or there are other considerations.  The = certificate is to be picked up from a server or some other part of the = system infrastructure.

 

In that case identifying the certificate by the public = key or some derivation of the public key is very helpful.  Subject = Key ID from RFC 5280 section 4.2.1.2 seems exactly the right thing. The = parameter name could be =E2=80=9Cx5i=E2=80=9D or = =E2=80=9Cx5ski=E2=80=9D. 

 

For full and standardized interop, we would have to go = one step further than RFC 5280 and RFC 7093 to formally define the how = the Subject Key ID is created from the key itself.  RFC 5280 only = gives =E2=80=9Ccommon = methods=E2=80=9D. 

 

LL

 

 

 

On Dec 6, 2016, at 10:01 PM, Samuel Erdtman <samuel@erdtman.se> = wrote:

 

Hi = Jim,

I think we should name the = parameters differently x5t, x5c and x5u are used in JOSE with slightly = different semantic. This would be similar to the "content = type" in the COSE specification where cty is not = used.

Since the names are = not included in the encoded message it might make sense to name = them:

* x509 Certificate = Thumbprint
* x509 Certificate Chain
* x509 Certificate = URL

 

//Samuel

 

On Tue, = Dec 6, 2016 at 5:16 AM, Jim Schaad <ietf@augustcellars.com> = wrote:

Thanks for = input, it is something that nobody else has actually given = yet.

 =

I could = easily get behind the idea of moving to two different headers, one for = ordered and one for a bag.  I don=E2=80=99t think that there would = be a huge problem with assigning the multiple code = points.

 =

I = don=E2=80=99t know how common/uncommon it is for fields to allow = multiple types.  I do know that the COSE spec does it in a couple = of places, although most of them can be ignored at this point in = time.  Personally, I don=E2=80=99t find the code to support that = feature to be very difficult and argued that as part of the JOSE effort = when the same topic was discussed.

 =

While it = does not explicitly say that in COSE, my assumption was always that = =E2=80=98kid=E2=80=99 only identified COSE based keys.  I think = that is probably an invalid assumption.  I would however expect = that if an explicit key is given in the form a certificate then a kid = would not need to be present.  An application however could state = that a kid could be the spki value from a certificate so that it could = be used to find certificates if desired. I=E2=80=99ll make a comment to = myself on that.

 =

More = comments from everybody about what is good and bad are = wanted.

 =

Jim

 =

 =

From:<= /b> = Lundblade, Laurence [mailto:llundbla@qti.qualcomm.com]
Sent: = Monday, December 05, 2016 6:21 PM
To: Samuel Erdtman <samuel@erdtman.se>
Cc: Jim Schaad = <ietf@augustcellars.com>; cose <cose@ietf.org>
Subject: Re: [COSE] = New Version Notification for = draft-schaad-cose-x509-00.txt

=

 <= /o:p>

Sorry for = the delayed response and thanks for the = draft.

 <= /o:p>

The order = definitive chain option for x5c looks pretty good. How does the kid = parameter come into play? Is x5c in lieu of kid?  Seems like it = would be.

 <= /o:p>

Is it usual = to have the data type / semantics vary for some CBOR like x5c? = Haven=E2=80=99t run into any CBOR like that before.  Would it be = better to have an x5cb (b for bag) and an x5co (o for = ordered).

 <= /o:p>

Thanks!=

 <= /o:p>

LL

 <= /o:p>

 <= /o:p>

 <= /o:p>

 <= /o:p>

 <= /o:p>

On Nov 23, = 2016, at 10:43 PM, Samuel Erdtman <samuel@erdtman.se> = wrote:

 <= /p>

Looks like a good = start to me.

Laurence what do = you think?

//Samuel

 <= /o:p>

On Wed, Nov = 23, 2016 at 6:00 AM, Jim Schaad <ietf@augustcellars.com> = wrote:

This is a = rough draft of what a set of X.509 headers could look like.  There = is lots of things that are incomplete or missing, but I said I would = write up a fast version for people to look at so here it is.

If = you are interested, please comment on the headers.  The pointer to = the github repository is in the document.

Jim


> = -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Tuesday, = November 22, 2016 7:27 PM
> To: Jim Schaad <ietf@augustcellars.com>
> Subject: New = Version Notification for = draft-schaad-cose-x509-00.txt
>
>
> A new version of = I-D, draft-schaad-cose-x509-00.txt has been successfully
> = submitted by Jim Schaad and posted to the IETF = repository.
>
> Name:        =  draft-schaad-cose-x509
> Revision:    =  00
> Title:              =   CBOR Encoded Message Syntax (COSE): Headers for carrying
> = and referencing X.509 certificates
> Document date:    =     2016-11-22
> Group:        =         Individual Submission
> Pages:  =               6
> URL:  =           https://www.ietf.org/internet-drafts/draft-schaad-cose-= x509-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-schaad-cose-x509= /
> Htmlized:       https://tools.ietf.org/html/draft-schaad-cose-x509-00
>
>
> Abstract:
>    This document = defines the headers and usage for referring to and
>    = transporting X.509 certificates in the CBOR Encoded Message = (COSE)
>    Syntax.
>
> Contributing to this = document
>
>    The source for this draft is being = maintained in GitHub.  Suggested
>    changes = should be submitted as pull requests at <https://github.com/
>    = cose-wg/X509>.  Instructions are on that page as well.  = Editorial
>    changes can be managed in GitHub, but any = substantial issues need to
>    be discussed on the COSE = mailing list.
>
>
>
>
> Please note that = it may take a couple of minutes from the time of submission
> = until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF = Secretariat


_______________________________________________COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

 <= /o:p>

 <= /o:p>


______________________________________= _________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose

 

 

------=_NextPart_000_000E_01D2B7AE.7EB158B0-- From nobody Mon Apr 17 19:40:27 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84051129411 for ; Mon, 17 Apr 2017 19:40:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -7.001 X-Spam-Level: X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNJthZHhwCJd for ; Mon, 17 Apr 2017 19:40:24 -0700 (PDT) Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C3B712940C for ; Mon, 17 Apr 2017 19:40:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1492483224; x=1524019224; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Gj8bzUUUUIroDsFWaXXHa8gSElpwjcMh5j+odOfyoTw=; b=UUqViOKe3K4INKZyZfVBmzAGCPPtfD2tUhw5xYexzzk1e4Q9QeSmWbhd Wg1lmztB5RUyEzEp8r5eMTEIwMeFnlSq06siiQKhd2sQsSZ9gF+nZR/8p y3+m3WAE83rfr/shs+3TPPlY0dIkIeKmUvu4lFvF+qIZS1wkZY6jcqCzL 4=; X-IronPort-AV: E=Sophos;i="5.37,217,1488873600"; d="scan'208,217";a="374909512" Received: from unknown (HELO Ironmsg04-L.qualcomm.com) ([10.53.140.111]) by wolverine02.qualcomm.com with ESMTP; 17 Apr 2017 19:40:23 -0700 X-IronPort-AV: E=McAfee;i="5800,7501,8501"; a="1330923054" X-MGA-submission: =?us-ascii?q?MDE9Rmq+t65zk8rzlNmq7wNqqmhIt9pHPaPJA9?= =?us-ascii?q?uhiPYhSez3HgBAw9uVM/kLRq2G9whCvB9vuTo1yBKFjyvv2uMuWtS+zM?= =?us-ascii?q?6UmmupiGRfHiH4uYDl/XA76IOCKGfJjEbNFdzAUyECC3maDKNeb06nl2?= =?us-ascii?q?+J?= Received: from nasanexm01e.na.qualcomm.com ([10.85.0.31]) by Ironmsg04-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 17 Apr 2017 19:40:22 -0700 Received: from NASANEXM01B.na.qualcomm.com (10.85.0.82) by NASANEXM01E.na.qualcomm.com (10.85.0.31) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 17 Apr 2017 19:40:22 -0700 Received: from NASANEXM01B.na.qualcomm.com ([10.85.0.82]) by NASANEXM01B.na.qualcomm.com ([10.85.0.82]) with mapi id 15.00.1178.000; Mon, 17 Apr 2017 19:40:22 -0700 From: Laurence Lundblade To: Jim Schaad CC: cose Thread-Topic: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt Thread-Index: AQHSUE9n8gqDeU8N0UWR0TVip3PpF6HLgYAAgAAli4CAAAfrgA== Date: Tue, 18 Apr 2017 02:40:21 +0000 Message-ID: <7FD2726F-42F8-47DF-92F5-7C399D80A662@qti.qualcomm.com> References: <147987163959.30322.14158962529156430503.idtracker@ietfa.amsl.com> <004901d24546$8e76bfe0$ab643fa0$@augustcellars.com> <9CE238FE-6AF0-458D-A1C7-B790870323D3@qti.qualcomm.com> <06e701d24f77$8d438280$a7ca8780$@augustcellars.com> <000d01d2b7e9$2b0a6450$811f2cf0$@augustcellars.com> In-Reply-To: <000d01d2b7e9$2b0a6450$811f2cf0$@augustcellars.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3273) x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.80.80.8] Content-Type: multipart/alternative; boundary="_000_7FD2726F42F847DF92F57C399D80A662qtiqualcommcom_" MIME-Version: 1.0 Archived-At: Subject: Re: [COSE] New Version Notification for draft-schaad-cose-x509-00.txt X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2017 02:40:25 -0000 --_000_7FD2726F42F847DF92F57C399D80A662qtiqualcommcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgSmltLA0KDQpUaGFua3MgZm9yIHRoZSBxdWljayBjb21tZW50Lg0KDQpPbiBBcHIgMTcsIDIw MTcsIGF0IDc6MTEgUE0sIEppbSBTY2hhYWQgPGlldGZAYXVndXN0Y2VsbGFycy5jb208bWFpbHRv OmlldGZAYXVndXN0Y2VsbGFycy5jb20+PiB3cm90ZToNCg0KVGhlIHByb2JsZW0gdy8gdHJ5aW5n IHRvIGRlZmluZSBhIHNpbmdsZSB3YXkgdG8gZG8gU0tJIGlzIHRoYXQgZGlmZmVyZW50IENhcyBh cmUgZ29pbmcgdG8gZG8gaXQgaW4gZGlmZmVyZW50IHdheXMgYW5kIHRoYXQgaXMgYWx3YXlzIGEg cHJvYmxlbS4NCg0KSWYgeW91IGFyZSBkb2luZyBhIGNlcnRpZmljYXRlIGVucm9sbG1lbnQgcHJv dG9jb2wsIGl0IGlzIGFsd2F5cyBwb3NzaWJsZSB0byByZXR1cm4gc29tZSBpbmZvcm1hdGlvbiBi YWNrIHRvIHRoZSBlbmQgcG9pbnQgdGhhdCBpdCBjYW4gdXNlIG9yIHRoZSBzYW1lIHB1cnBvc2Uu ICBJdCBjb3VsZCBlaXRoZXIgcmV0dXJuIGEgS2V5IElkIHRoYXQgdGhlIGNsaWVudCBpcyBzdXBw b3NlZCB0byB1c2Ugb3IgaXQgY291bGQgcmV0dXJuIGEgaGFzaCBvZiB0aGUgY2VydGlmaWNhdGUg YXMgd2UgaGF2ZSBhIHdheSB0byBpZGVudGlmeSB0aGF0IGFzIHdlbGwuDQoNCknigJltIHNvcnJ5 IEkgY2Fu4oCZdCBzaGFyZSBkZXRhaWxzLCBidXQgSSBjYW4gYXNzdXJlIHlvdSB0aGF0IHRoaXMg aXMgbm90IHBvc3NpYmxlIGluIHRoZSB1c2UgY2FzZSBJIGhhdmUgaW4gbWluZC4NCg0KSSB0aGlu ayB0aGF0IGxlYXZlcyB1cyBlaXRoZXIgd2l0aCB0aGUgQ0EgYW5kIHVzZXJzIG9mIHRoaXMgc2No ZW1lIGhhdmluZyB0byBhc3N1bWUgYSBwYXJ0aWN1bGFyIHdheSB0byBjb21wdXRlIFNLSSBvciBp bnZlbnRpbmcgc29tZSB0eXBpbmcgc2NoZW1lIGZvciBTS0lzLg0KDQpNYXliZSB0aGF0IGVuZHMg dGhlIGNvbnZlcnNhdGlvbuKApg0KDQoNCg0KT25lIG9mIHRoZSBwcm9ibGVtcyBmb3IgY2VydGlm aWNhdGUgYmFzZWQgcGVvcGxlIG9uIGp1c3QgdXNpbmcgdGhlIFNLSSBmb3IgaWRlbnRpZnlpbmcg dGhlIGNlcnRpZmljYXRlIGlzIHRvIG1ha2Ugc3VyZSB0aGF0IHRoZXJlIGFyZSBub3QgbW9yZSB0 aGFuIG9uZSBjZXJ0aWZpY2F0ZSBpbiB0aGUgd29ybGQuICBJZiBtdWx0aXBsZSBjZXJ0aWZpY2F0 ZXMgZXhpc3QgKHNlZSBhdHRhY2tlciksIHRoZW4gaXQgaXMgYWx3YXlzIHBvc3NpYmxlIHRoYXQg YSBjZXJ0aWZpY2F0ZSB3aXRoIGEgZGlmZmVyZW50IGlkZW50aXR5IG9yIHNldCBvZiBhc3NvY2lh dGVkIGF0dHJpYnV0ZXMgY2FuIGJlIG9idGFpbmVkIHdoZW4geW91IGRvIHRoZSBpbmRpcmVjdGlv bi4gIFVzZSB0aGUgaGFzaCBvZiB0aGUgY2VydGlmaWNhdGVzIChldmVuIGEgdHJ1bmNhdGVkIG9u ZSkgbWFrZXMgdGhpcyBhIG11Y2ggaGFyZGVyIHByb2JsZW0gdG8gc29sdmUuDQoNClRoaXMgc2Vl bXMgbGlrZSBhIHByb2JsZW0gd2hlbiB5b3UgdHJ1c3QgYSBsb3Qgb2Ygcm9vdHMsIGJ1dCBub3Qg c28gbXVjaCBvZiBhIHByb2JsZW0gd2hlbiB0cnVzdGluZyBqdXN0IG9uZSBvciB0d28gcHJvcHJp ZXRhcnkgcm9vdHMuICBJcyB0aGF0IHJpZ2h0Pw0KDQpBbHNvLCBhbnkgcG9pbnRlciBvbiB3aGF0 IGhhcHBlbmVkIHdpdGggUkZDIDQzODcgdG8gbG9vayB1cCBhbmQgZmV0Y2ggY2VydHMgdmlhIEhU VFA/DQoNClRoYW5rcyBhZ2FpbiwNCg0KTEwNCg0K --_000_7FD2726F42F847DF92F57C399D80A662qtiqualcommcom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYg Y2xhc3M9IiI+SGkgSmltLCZuYnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+ DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzIGZvciB0aGUgcXVpY2sgY29tbWVudC4mbmJz cDs8L2Rpdj4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4NCjxibG9ja3F1b3RlIHR5cGU9 ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBBcHIgMTcsIDIwMTcsIGF0IDc6MTEg UE0sIEppbSBTY2hhYWQgJmx0OzxhIGhyZWY9Im1haWx0bzppZXRmQGF1Z3VzdGNlbGxhcnMuY29t IiBjbGFzcz0iIj5pZXRmQGF1Z3VzdGNlbGxhcnMuY29tPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8 YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxk aXYgY2xhc3M9IldvcmRTZWN0aW9uMSIgc3R5bGU9InBhZ2U6IFdvcmRTZWN0aW9uMTsgZm9udC1m YW1pbHk6IEhlbHZldGljYTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZv bnQtdmFyaWFudC1jYXBzOiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFj aW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRy YW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13 ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4g MGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJv bWFuJywgc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IGZv bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+VGhlIHByb2JsZW0gdy8g dHJ5aW5nIHRvIGRlZmluZSBhIHNpbmdsZSB3YXkgdG8gZG8gU0tJIGlzIHRoYXQgZGlmZmVyZW50 IENhcyBhcmUgZ29pbmcgdG8gZG8gaXQgaW4gZGlmZmVyZW50IHdheXMgYW5kIHRoYXQgaXMgYWx3 YXlzIGEgcHJvYmxlbS48bzpwIGNsYXNzPSIiPjwvbzpwPjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5 bGU9Im1hcmdpbjogMGluIDBpbiAwLjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWls eTogJ1RpbWVzIE5ldyBSb21hbicsIHNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9u dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi PjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy Z2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGlt ZXMgTmV3IFJvbWFuJywgc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6 IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+SWYgeW91 IGFyZSBkb2luZyBhIGNlcnRpZmljYXRlIGVucm9sbG1lbnQgcHJvdG9jb2wsIGl0IGlzIGFsd2F5 cyBwb3NzaWJsZSB0byByZXR1cm4gc29tZSBpbmZvcm1hdGlvbiBiYWNrIHRvIHRoZSBlbmQgcG9p bnQgdGhhdCBpdCBjYW4gdXNlIG9yIHRoZSBzYW1lIHB1cnBvc2UuJm5ic3A7IEl0IGNvdWxkIGVp dGhlciByZXR1cm4NCiBhIEtleSBJZCB0aGF0IHRoZSBjbGllbnQgaXMgc3VwcG9zZWQgdG8gdXNl IG9yIGl0IGNvdWxkIHJldHVybiBhIGhhc2ggb2YgdGhlIGNlcnRpZmljYXRlIGFzIHdlIGhhdmUg YSB3YXkgdG8gaWRlbnRpZnkgdGhhdCBhcyB3ZWxsLjwvc3Bhbj48L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdj5J4oCZ bSBzb3JyeSBJIGNhbuKAmXQgc2hhcmUgZGV0YWlscywgYnV0IEkgY2FuIGFzc3VyZSB5b3UgdGhh dCB0aGlzIGlzIG5vdCBwb3NzaWJsZSBpbiB0aGUgdXNlIGNhc2UgSSBoYXZlIGluIG1pbmQuPC9k aXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdj5JIHRoaW5rIHRoYXQgbGVhdmVz IHVzIGVpdGhlciB3aXRoIHRoZSBDQSBhbmQgdXNlcnMgb2YgdGhpcyBzY2hlbWUgaGF2aW5nIHRv IGFzc3VtZSBhIHBhcnRpY3VsYXIgd2F5IHRvIGNvbXB1dGUgU0tJIG9yIGludmVudGluZyBzb21l IHR5cGluZyBzY2hlbWUgZm9yIFNLSXMuPC9kaXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2 Pg0KPGRpdj5NYXliZSB0aGF0IGVuZHMgdGhlIGNvbnZlcnNhdGlvbuKApiZuYnNwOzwvZGl2Pg0K PGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNs YXNzPSJXb3JkU2VjdGlvbjEiIHN0eWxlPSJwYWdlOiBXb3JkU2VjdGlvbjE7IGZvbnQtZmFtaWx5 OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZh cmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzog bm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zv cm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0 LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7Ij4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGluIDBpbiAw LjAwMDFwdDsgZm9udC1zaXplOiAxMnB0OyBmb250LWZhbWlseTogJ1RpbWVzIE5ldyBSb21hbics IHNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBmb250LWZh bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPjxvOnAgY2xhc3M9IiI+PC9vOnA+ PC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwaW4gMGluIDAuMDAwMXB0OyBmb250 LXNpemU6IDEycHQ7IGZvbnQtZmFtaWx5OiAnVGltZXMgTmV3IFJvbWFuJywgc2VyaWY7IiBjbGFz cz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L3NwYW4+ PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBpbiAwaW4gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog MTJwdDsgZm9udC1mYW1pbHk6ICdUaW1lcyBOZXcgUm9tYW4nLCBzZXJpZjsiIGNsYXNzPSIiPg0K PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt c2VyaWY7IiBjbGFzcz0iIj5PbmUgb2YgdGhlIHByb2JsZW1zIGZvciBjZXJ0aWZpY2F0ZSBiYXNl ZCBwZW9wbGUgb24ganVzdCB1c2luZyB0aGUgU0tJIGZvciBpZGVudGlmeWluZyB0aGUgY2VydGlm aWNhdGUgaXMgdG8gbWFrZSBzdXJlIHRoYXQgdGhlcmUgYXJlIG5vdCBtb3JlIHRoYW4gb25lIGNl cnRpZmljYXRlIGluIHRoZSB3b3JsZC4mbmJzcDsgSWYgbXVsdGlwbGUNCiBjZXJ0aWZpY2F0ZXMg ZXhpc3QgKHNlZSBhdHRhY2tlciksIHRoZW4gaXQgaXMgYWx3YXlzIHBvc3NpYmxlIHRoYXQgYSBj ZXJ0aWZpY2F0ZSB3aXRoIGEgZGlmZmVyZW50IGlkZW50aXR5IG9yIHNldCBvZiBhc3NvY2lhdGVk IGF0dHJpYnV0ZXMgY2FuIGJlIG9idGFpbmVkIHdoZW4geW91IGRvIHRoZSBpbmRpcmVjdGlvbi4m bmJzcDsgVXNlIHRoZSBoYXNoIG9mIHRoZSBjZXJ0aWZpY2F0ZXMgKGV2ZW4gYSB0cnVuY2F0ZWQg b25lKSBtYWtlcyB0aGlzIGEgbXVjaA0KIGhhcmRlciBwcm9ibGVtIHRvIHNvbHZlLjwvc3Bhbj48 L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2PjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KPGRpdj5UaGlzIHNlZW1zIGxpa2UgYSBwcm9ibGVtIHdoZW4geW91IHRydXN0IGEg bG90IG9mIHJvb3RzLCBidXQgbm90IHNvIG11Y2ggb2YgYSBwcm9ibGVtIHdoZW4gdHJ1c3Rpbmcg anVzdCBvbmUgb3IgdHdvIHByb3ByaWV0YXJ5IHJvb3RzLiAmbmJzcDtJcyB0aGF0IHJpZ2h0Pzwv ZGl2Pg0KPGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj5BbHNvLCBhbnkg cG9pbnRlciBvbiB3aGF0IGhhcHBlbmVkIHdpdGggUkZDIDQzODcgdG8gbG9vayB1cCBhbmQgZmV0 Y2ggY2VydHMgdmlhIEhUVFA/PC9kaXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRp dj5UaGFua3MgYWdhaW4sPC9kaXY+DQo8ZGl2PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdj5M TDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvYm9keT4NCjwv aHRtbD4NCg== --_000_7FD2726F42F847DF92F57C399D80A662qtiqualcommcom_-- From nobody Tue Apr 18 02:47:14 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771CF129AB2 for ; Tue, 18 Apr 2017 02:47:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r70HiM3TotLL for ; Tue, 18 Apr 2017 02:47:09 -0700 (PDT) Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6854F12714F for ; Tue, 18 Apr 2017 02:47:09 -0700 (PDT) Received: by mail-qk0-x233.google.com with SMTP id p68so125099890qke.1 for ; Tue, 18 Apr 2017 02:47:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=qD9TU2WRkHtUShC0NzImoR1iC6q4vrzZ5NY3zqzqZGs=; b=cuh1FCdlpL3Lr+sPGWQm3LNf+zYpftCok22DZIy9K62qOh9ckxf/TGeWm/oK6yVRm/ k6wxeiSQE+ar0h2TDcCTz5iyYF2uu/wViba2Ndw8iMWz4wrjcZy5yEa+kU8Pe/Gx0Yi+ 2lVifHXU3xaMq/35WF+vNXk6gZY9tTxgFHeDSRgZcruEYAmBOlHyCjQt/0y5VUxn1Psl L8lUYn2p3fqg2rRU3GdyU1iLOYGJ6pImgLM2OFBbVmOpyR5rV7xjRYn4/WnxLvl6gpDl 0NWayubUgKBoj3NtTgT3oU1vjk2EUZcMrHCn7HFRfdOgFV+LsUwl/731h1NgpBoC7cTQ Pc1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=qD9TU2WRkHtUShC0NzImoR1iC6q4vrzZ5NY3zqzqZGs=; b=kNKw7D5168zIFjPxbT66PmEXqXtbT35ykBO/mHilqJkCjZ/EMtdDfpo4melDYb/HDT bYWizUvdrvY37J1Hxy4OarxtH3e7XcPdwASPZMytO/VXwUxJwc+mi/IQthwGFOnaRKRX z9egmX03gn3lvlcPFc8qm+UIFkxrsHXHDK7wZOMSOW4W/Q+GV1Qxcf+AwFdOZtdP7SID hVK3GOdCZOqUW2FSJJOwxaUBYiISFeCLAdu41OpJQ08ravmCcwrVgbNW50TU9gda0t6c I0Jf7RP5KgIM+2VREnsFOvL0tnTsM5kJePysWUCq37V2ZAMWpex4L2CHyIinXiZgeMB0 sPrA== X-Gm-Message-State: AN3rC/5svnYt7qwrJhjrF0VFeSYLOpnKmx7/so+6+MkQXFnLvwiPVELU n6+JRmdPfMbZlwX7R0qR8vu3PD+PVg== X-Received: by 10.55.34.10 with SMTP id i10mr13682621qki.138.1492508828616; Tue, 18 Apr 2017 02:47:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.58.102 with HTTP; Tue, 18 Apr 2017 02:46:48 -0700 (PDT) In-Reply-To: <507AF7D7-6060-4D8A-A4E8-502C82D5CC50@tzi.org> References: <08eb01d103c8$3deade00$b9c09a00$@augustcellars.com> <561A2C9B.5060104@tzi.org> <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> <507AF7D7-6060-4D8A-A4E8-502C82D5CC50@tzi.org> From: Renzo Navas Date: Tue, 18 Apr 2017 11:46:48 +0200 Message-ID: To: Carsten Bormann , Jim Schaad Cc: cose Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [COSE] Assigning CBOR tags to key structures X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2017 09:47:13 -0000 Hello Cose ML! (Sorry for the late reply, I didn't see the replies the same day; then I was on holidays) Jim: thanks for the suggestion. Indeed I think I will go for this option to keep the solution non-homebrew. I will borrow from the CoAP Content-Formats (application/cose-key : 101) and put this in the protected headers. I think this solution will be 3 bytes (1B content-type label + 2B to represent "101") instead of 1 byte of the hypothetical CBOR Tag for COSE-Key (19 or 20 looked nice). Carsten: I am using CoAP (..for now) but I want the least possible COSE metadata on the CoAP header; to make the COSE message as agnostic as possible of the transport (maybe we will transport this message over-foo). In my particular case, I simply use the CoAP Content-format 60 to indicate that this is an "application/cbor" payload. Then I use the CBOR-Tag 16 (COSE_Encrypt0), because indeed that is what this CBOR message is. So even if I use CoAP metadata for COSE I should indicate this message as "application/cose; cose-type=3D"cose-encrypt0" (16). My 'problem' arose when, once decrypted; the plaintext part of the COSE_Encrypt0 contains , in some cases, a COSE_Key object; and I simply wanted to indicate that with a 1-byte tag . Jim's suggestions of content-type in protected header solves my problem indeed. So maybe the question I want to ask to the ML is: why you discarded defining the COSE_Key/COSE_KeySet CBOR tag? ( I see the pretty tags 19 and 20 unassigned) Carsten, I really agree with your opinion from 2015 : >I'd propose this rule: >If there is a media type, there should be a CBOR tag for those >environments that don't benefit from media types. In the end, it's a matter of 2 bytes, 1 byte tag, vs 3 byte protected header content-type. The COSE messages are around 52 Bytes, so It's a matter of 4% longer Messages/Energy. I found it strange not to find a CBOR tag for a mayor COSE type. These are my 2 cents, Thank you for your quick reply Jim and Carsten! Renzo On Fri, Apr 7, 2017 at 6:14 PM, Carsten Bormann wrote: > Hi Renzo, > > where would you put such a tag? > > Starting the encoded CBOR with a tag would amount to a magic number unles= s the media type already indicates that this is CBOR-encoded. But then it = could indicate that this is a application/cose-key in the first place (Cont= ent-Format 101): > > https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#co= ntent-formats > > Gr=C3=BC=C3=9Fe, Carsten > From nobody Tue Apr 18 02:52:17 2017 Return-Path: X-Original-To: cose@ietfa.amsl.com Delivered-To: cose@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2A8D129AB3 for ; Tue, 18 Apr 2017 02:52:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C07Qw7E6nMhg for ; Tue, 18 Apr 2017 02:52:14 -0700 (PDT) Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA7E5129ACD for ; Tue, 18 Apr 2017 02:52:13 -0700 (PDT) Received: by mail-qt0-x229.google.com with SMTP id y33so37450732qta.2 for ; Tue, 18 Apr 2017 02:52:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=+AfQKcpZVNN1xrNckaHqQVRTdSVDEL7335JmAQa3ZrY=; b=ErKD1zW/eeZZNYkq929sOdz7UPoWtwhkBukg7TjcV5o/SdATmvdAkDpWRKsIAXgDee PeQvi9E2UXEwRP06bsK+hgHCVD0u4k6aqBTuft+GYKfHvg2e9JdSNEXc3ho6QvLFy5oj OsZQlyYoHUfgKmiGNXkvPVZbP1laWjI/A7/bbx+rexEdgPaSn5W/P/51RAoGtYVDeJFK OP6sKdrpSU9hlkE9gPsjnEautMzRriavDLLrw578PGhh0WjwelqJO3l8pmSkZwsqYqPf w93pb7YmP0RNssYPei+YhsqAtJzWfxqyGCNgobCR35Mm132G9J9ZlY3l9s+Plo82Grrs vueQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=+AfQKcpZVNN1xrNckaHqQVRTdSVDEL7335JmAQa3ZrY=; b=TrsqXRNXpJdlqgNHZfNGWWBnLQFAZ9Q9cSOVQXExsfJdtbKi+PQgFN/0ev5pslhnYg 94aSa13VY/ZrdV59HUYkglWPswgoQF/5/yrSq2Do+WYjWFEx1V0o8mA2olM6GrL2+IqB IqN5CZnUd9Owh/Y/KnDVMEx99RfhPa8tYjyY+9yBeMMxehEvNJhs0KnjcxHEkrkArwgn QfRCoe7Z6l2JBB9tmL8VaVzojMpmU+3eshiGHmG41MTzGYwomU5+sxL87hUqh24E/Rii LJf7SpG2S4hmnHCDmjGNXRD2AISFs1UDod5suiEwOCHO4mTCJxMOSvUcFdrT8qeiZuMF CeDg== X-Gm-Message-State: AN3rC/5abavlTSHssDLpMeUWQAu/6atsxRkS5gdnpvRSYcTOyWbFAG7v x6DXndhf3G6R7HO8q0QqhGpqrlheh7e2 X-Received: by 10.200.51.132 with SMTP id c4mr12868491qtb.13.1492509132999; Tue, 18 Apr 2017 02:52:12 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.58.102 with HTTP; Tue, 18 Apr 2017 02:51:52 -0700 (PDT) In-Reply-To: References: <08eb01d103c8$3deade00$b9c09a00$@augustcellars.com> <561A2C9B.5060104@tzi.org> <094001d10451$cccec4e0$666c4ea0$@augustcellars.com> <507AF7D7-6060-4D8A-A4E8-502C82D5CC50@tzi.org> From: Renzo Navas Date: Tue, 18 Apr 2017 11:51:52 +0200 Message-ID: To: Carsten Bormann , Jim Schaad Cc: cose Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [COSE] Assigning CBOR tags to key structures X-BeenThere: cose@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: CBOR Object Signing and Encryption List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2017 09:52:16 -0000 clarification: when I wrote "The COSE messages are around 52 Bytes.." I wanted to say the COSE messages *of my particular application*; but let's forget that. On Tue, Apr 18, 2017 at 11:46 AM, Renzo Navas wrote: > Hello Cose ML! > (Sorry for the late reply, I didn't see the replies the same day; then > I was on holidays) > > Jim: > thanks for the suggestion. Indeed I think I will go for this option to > keep the solution non-homebrew. I will borrow from the CoAP > Content-Formats (application/cose-key : 101) and put this in the > protected headers. > I think this solution will be 3 bytes (1B content-type label + 2B to > represent "101") instead of 1 byte of the hypothetical CBOR Tag for > COSE-Key (19 or 20 looked nice). > > Carsten: > I am using CoAP (..for now) but I want the least possible COSE > metadata on the CoAP header; to make the COSE message as agnostic as > possible of the transport (maybe we will transport this message > over-foo). In my particular case, I simply use the CoAP Content-format > 60 to indicate that this is an "application/cbor" payload. > Then I use the CBOR-Tag 16 (COSE_Encrypt0), because indeed that is > what this CBOR message is. So even if I use CoAP metadata for COSE I > should indicate this message as "application/cose; > cose-type=3D"cose-encrypt0" (16). > > My 'problem' arose when, once decrypted; the plaintext part of the > COSE_Encrypt0 contains , in some cases, a COSE_Key object; and I > simply wanted to indicate that with a 1-byte tag . Jim's suggestions > of content-type in protected header solves my problem indeed. > > > So maybe the question I want to ask to the ML is: > > why you discarded defining the COSE_Key/COSE_KeySet CBOR tag? ( I see > the pretty tags 19 and 20 unassigned) > Carsten, I really agree with your opinion from 2015 : > >>I'd propose this rule: >>If there is a media type, there should be a CBOR tag for those >>environments that don't benefit from media types. > In the end, it's a matter of 2 bytes, 1 byte tag, vs 3 byte protected > header content-type. > The COSE messages are around 52 Bytes, so It's a matter of 4% longer > Messages/Energy. > > I found it strange not to find a CBOR tag for a mayor COSE type. > > These are my 2 cents, > > Thank you for your quick reply Jim and Carsten! > > Renzo > > > On Fri, Apr 7, 2017 at 6:14 PM, Carsten Bormann wrote: >> Hi Renzo, >> >> where would you put such a tag? >> >> Starting the encoded CBOR with a tag would amount to a magic number unle= ss the media type already indicates that this is CBOR-encoded. But then it= could indicate that this is a application/cose-key in the first place (Con= tent-Format 101): >> >> https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#c= ontent-formats >> >> Gr=C3=BC=C3=9Fe, Carsten >>