Merge pull request #187 from jimsch/master

Remove alg MUST
cose-wg · Nov 22, 2016 · 5bc5c34 · 5bc5c34
2 parents eee8588 + afb8903
commit 5bc5c34
Showing 1 changed file with 75 additions and 67 deletions.
diff --git a/draft-ietf-cose-msg.xml b/draft-ietf-cose-msg.xml
@@ -613,10 +613,18 @@ empty_or_serialized_map = bstr .cbor header_map / bstr .size 0
         <t>
           <list style="hanging">
             <t hangText='alg:'>
+              <!--  old golden text
               This parameter is used to indicate the algorithm used for the security processing.
               This parameter MUST be present in the COSE_Signature, COSE_Sign1, COSE_Encrypt, COSE_Encrypt0, COSE_Mac, and COSE_Mac0 structures.
               When the algorithm supports authenticating associated data, this parameter MUST be in the protected header bucket.
               The value is taken from the "COSE Algorithms" Registry (see <xref target="cose-algorithm-registry"/>).
+
+              New messed up text -->
+              This parameter is used to indicate the algorithm used for the security processing.
+              This parameter MUST be authenticated where the ability to do so exists.
+              This support is provided by AEAD algorithms or construction (COSE_Sign, COSE_Sign0, COSE_Mac and COSE_Mac0).
+              This authentication can be done either by placing the header in the protected header bucket or as part of the externally supplied data.
+              The value is taken from the "COSE Algorithms" Registry (see <xref target="cose-algorithm-registry"/>).
             </t>
 
             <t hangText='crit:'>
@@ -3919,20 +3927,20 @@ encryptedKey = KeyWrap(KDF(DH-Shared, context), CEK)
         <!--  FOR IANA
              
              
-name || label || type || algorithm || description
+name || label || type || algorithm || description  **
 
-ephemeral key || -1 || COSE_Key || ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW || Ephemeral Public key for the sender
-static key || -2 || COSE_Key || ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Static Public key for the sender
-static key id  || -3 || bstr || ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Static Public key identifier for the sender
+ephemeral key || -1 || COSE_Key || ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW || Ephemeral Public key for the sender  **
+static key || -2 || COSE_Key || ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Static Public key for the sender  **
+static key id  || -3 || bstr || ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Static Public key identifier for the sender  **
 
-salt || -20 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Random salt
+salt || -20 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Random salt  **
 
-PartyU identity || -21 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U identity Information
-PartyU nonce || -22 || bstr / int || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U provided nonce
-PartyU other || -23 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U other provided information
-PartyV identity || -24 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party V identity Information
-PartyV nonce || -25 || bstr / int || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW
-Party V provided nonce || PartyV other || -26 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party V other provided information
+PartyU identity || -21 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U identity Information  **
+PartyU nonce || -22 || bstr / int || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U provided nonce  **
+PartyU other || -23 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party U other provided information  **
+PartyV identity || -24 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party V identity Information  **
+PartyV nonce || -25 || bstr / int || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  **
+Party V provided nonce || PartyV other || -26 || bstr || direct+HKDF-SHA-256, direct+HKDF-SHA-512, direct+HKDF-AES-128, direct+HKDF-AES-256, ECDH-ES+HKDF-256, ECDH-ES+HKDF-512, ECDH-SS+HKDF-256, ECDH-SS+HKDF-512, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW  || Party V other provided information  **
 
 
 -->
@@ -3992,66 +4000,66 @@ Party V provided nonce || PartyV other || -26 || bstr || direct+HKDF-SHA-256, di
           Expert reviewers should consider this practice, but are not expected to be restricted by this precedent.
         </t>
 
-<!--  FOR IANA
+<!--  FOR IANA  **
 
-name || value || description
+name || value || description  **
 
-Reserved || 0 || Reserved
+Reserved || 0 || Reserved  **
 
-AES-CCM-16-64-128 || 10 || AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce
-AES-CCM-16-64-256 || 11 || AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce
-AES-CCM-64-64-128 || 12 || AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce
-AES-CCM-64-64-256 || 13 || AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce
-AES-CCM-16-128-128 || 30 || AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce
-AES-CCM-16-128-256 || 31 || AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce
-AES-CCM-64-128-128 || 32 || AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce
-AES-CCM-64-128-256 || 33 || AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce
+AES-CCM-16-64-128 || 10 || AES-CCM mode 128-bit key, 64-bit tag, 13-byte nonce  **
+AES-CCM-16-64-256 || 11 || AES-CCM mode 256-bit key, 64-bit tag, 13-byte nonce  **
+AES-CCM-64-64-128 || 12 || AES-CCM mode 128-bit key, 64-bit tag, 7-byte nonce  **
+AES-CCM-64-64-256 || 13 || AES-CCM mode 256-bit key, 64-bit tag, 7-byte nonce  **
+AES-CCM-16-128-128 || 30 || AES-CCM mode 128-bit key, 128-bit tag, 13-byte nonce  **
+AES-CCM-16-128-256 || 31 || AES-CCM mode 256-bit key, 128-bit tag, 13-byte nonce  **
+AES-CCM-64-128-128 || 32 || AES-CCM mode 128-bit key, 128-bit tag, 7-byte nonce  **
+AES-CCM-64-128-256 || 33 || AES-CCM mode 256-bit key, 128-bit tag, 7-byte nonce  **
 
-A128GCM || 1 || AES-GCM mode w/ 128-bit key, 128-bit tag
-A192GCM || 2 || AES-GCM mode w/ 192-bit key, 128-bit tag
-A256GCM || 3 || AES-GCM mode w/ 256-bit key, 128-bit tag
+A128GCM || 1 || AES-GCM mode w/ 128-bit key, 128-bit tag  **
+A192GCM || 2 || AES-GCM mode w/ 192-bit key, 128-bit tag  **
+A256GCM || 3 || AES-GCM mode w/ 256-bit key, 128-bit tag  **
 
-ChaCha20/Poly1305 || 24 || ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag
+ChaCha20/Poly1305 || 24 || ChaCha20/Poly1305 w/ 256-bit key, 128-bit tag  **
 
-ES256 || -7 || ECDSA w/ SHA-256
-ES384 || -35 || ECDSA w/ SHA-384
-ES512 || -36 || ECDSA w/ SHA-512
+ES256 || -7 || ECDSA w/ SHA-256  **
+ES384 || -35 || ECDSA w/ SHA-384  **
+ES512 || -36 || ECDSA w/ SHA-512  **
 
-HMAC 256/64 || 4 || HMAC w/ SHA-256 truncated to 64 bits
-HMAC 256/256 || 5 || HMAC w/ SHA-256
-HMAC 384/384 || 6 || HMAC w/ SHA-384
-HMAC 512/512 || 7 || HMAC w/ SHA-512
+HMAC 256/64 || 4 || HMAC w/ SHA-256 truncated to 64 bits  **
+HMAC 256/256 || 5 || HMAC w/ SHA-256  **
+HMAC 384/384 || 6 || HMAC w/ SHA-384  **
+HMAC 512/512 || 7 || HMAC w/ SHA-512  **
 
-AES-MAC 128/64 || 14 || AES-MAC 128 bit key, 64-bit tag
-AES-MAC 256/64 || 15 || AES-MAC 256 bit key, 64-bit tag
-AES-MAC 128/128 || 25 || AES-MAC 128 bit key, 128-bit tag
-AES-MAC 256/128 || 26 || AES-MAC 256 bit key, 128-bit tag
+AES-MAC 128/64 || 14 || AES-MAC 128 bit key, 64-bit tag  **
+AES-MAC 256/64 || 15 || AES-MAC 256 bit key, 64-bit tag  **
+AES-MAC 128/128 || 25 || AES-MAC 128 bit key, 128-bit tag  **
+AES-MAC 256/128 || 26 || AES-MAC 256 bit key, 128-bit tag  **
 
-direct || -6 || Direct use of CEK
+direct || -6 || Direct use of CEK  **
 
-direct+HKDF-SHA-256 || -10 || Shared secret w/ HKDF and SHA-256
-direct+HKDF-SHA-512 || -11 || Shared secret w/ HKDF and SHA-512
-direct+HKDF-AES-128 || -12 || Shared secret w/ AES-MAC 128-bit key
-direct+HKDF-AES-256 || -13 || Shared secret w/ AES-MAC 256-bit key
+direct+HKDF-SHA-256 || -10 || Shared secret w/ HKDF and SHA-256  **
+direct+HKDF-SHA-512 || -11 || Shared secret w/ HKDF and SHA-512  **
+direct+HKDF-AES-128 || -12 || Shared secret w/ AES-MAC 128-bit key  **
+direct+HKDF-AES-256 || -13 || Shared secret w/ AES-MAC 256-bit key  **
 
-A128KW || -3 || AES Key Wrap w/ 128-bit key
-A192KW || -4 || AES Key Wrap w/ 192-bit key
-A256KW || -5 || AES Key Wrap w/ 256-bit key
+A128KW || -3 || AES Key Wrap w/ 128-bit key  **
+A192KW || -4 || AES Key Wrap w/ 192-bit key  **
+A256KW || -5 || AES Key Wrap w/ 256-bit key  **
 
-EdDSA || -8 || EdDSA
+EdDSA || -8 || EdDSA  **
 
 
-ECDH-ES + HKDF-256 || -25 || ECDH ES w/ HKDF - generate key directly
-ECDH-ES + HKDF-512 || -26 || ECDH ES w/ HKDF - generate key directly
-ECDH-SS + HKDF-256 || -27 || ECDH SS w/ HKDF - generate key directly
-ECDH-SS + HKDF-512 || -28 || ECDH SS w/ HKDF - generate key directly
+ECDH-ES + HKDF-256 || -25 || ECDH ES w/ HKDF - generate key directly  **
+ECDH-ES + HKDF-512 || -26 || ECDH ES w/ HKDF - generate key directly  **
+ECDH-SS + HKDF-256 || -27 || ECDH SS w/ HKDF - generate key directly  **
+ECDH-SS + HKDF-512 || -28 || ECDH SS w/ HKDF - generate key directly  **
 
-ECDH-ES + A128KW || -29 || ECDH ES w/ Concat KDF and AES Key wrap w/ 128 bit key
-ECDH-ES + A192KW || -30 || ECDH ES w/ Concat KDF and AES Key wrap w/ 192 bit key
-ECDH-ES + A256KW || -31 || ECDH ES w/ Concat KDF and AES Key wrap w/ 256 bit key
-ECDH-SS + A128KW || -32 || ECDH SS w/ Concat KDF and AES Key wrap w/ 128 bit key
-ECDH-SS + A192KW || -33 || ECDH SS w/ Concat KDF and AES Key wrap w/ 192 bit key
-ECDH-SS + A256KW || -34 || ECDH SS w/ Concat KDF and AES Key wrap w/ 256 bit key
+ECDH-ES + A128KW || -29 || ECDH ES w/ Concat KDF and AES Key wrap w/ 128 bit key  **
+ECDH-ES + A192KW || -30 || ECDH ES w/ Concat KDF and AES Key wrap w/ 192 bit key  **
+ECDH-ES + A256KW || -31 || ECDH ES w/ Concat KDF and AES Key wrap w/ 256 bit key  **
+ECDH-SS + A128KW || -32 || ECDH SS w/ Concat KDF and AES Key wrap w/ 128 bit key  **
+ECDH-SS + A192KW || -33 || ECDH SS w/ Concat KDF and AES Key wrap w/ 192 bit key  **
+ECDH-SS + A256KW || -34 || ECDH SS w/ Concat KDF and AES Key wrap w/ 256 bit key  **
 
 -->
 
@@ -4152,20 +4160,20 @@ ECDH-SS + A256KW || -34 || ECDH SS w/ Concat KDF and AES Key wrap w/ 256 bit key
           The specification column for all of these entries will be this document.
         </t>
 
-        <!--  FOR IANA
+        <!--  FOR IANA  **
 
-name || key type || label || type || description
+name || key type || label || type || description  **
 
-crv || 2 || -1 || int / tstr || EC Curve identifier - Taken from the COSE Curves registry
-x || 2 || -2 || bstr || X Coordinate
-y || 2 || -3 || bstr / bool || Y Coordinate
-d || 2 || -4 || bstr || Private key
+crv || 2 || -1 || int / tstr || EC Curve identifier - Taken from the COSE Curves registry  **
+x || 2 || -2 || bstr || X Coordinate  **
+y || 2 || -3 || bstr / bool || Y Coordinate  **
+d || 2 || -4 || bstr || Private key  **
 
-crv || 1 || -1 || int / tstr || EC Curve identifier - Taken from the COSE Key Common Parameters registry
-x || 1 || -2 || bstr || X Coordinate
-d || 1 || -4 || bstr || Private key
+crv || 1 || -1 || int / tstr || EC Curve identifier - Taken from the COSE Key Common Parameters registry  **
+x || 1 || -2 || bstr || X Coordinate  **
+d || 1 || -4 || bstr || Private key  **
 
-k || 4 || -1 || bstr || Key Value
+k || 4 || -1 || bstr || Key Value  **
 
 -->
 
@@ -4832,7 +4840,7 @@ k || 4 || -1 || bstr || Key Value
         -->
 
 
-    <section title="Making Mandatory Algorithm Header Optional">
+    <section title="Guidelines for External Data Authentication of Algorithms">
       <t>
         There has been a portion of the working group who have expressed a strong desire to relax the rule that the algorithm identifier be required to appear in each level of a COSE object.
         There are two basic reasons that have been advanced to support this position.