Language for signer inheritance #377
Conversation
deeglaze
requested review from
henkbirkholz,
thomas-fossati,
yogeshbdeshpande and
nedmsmith
as code owners
draft-ietf-rats-corim.md
Outdated
| @@ -267,6 +267,8 @@ For more detail, see {{sec-corim-profile-types}}. | |||
| A CoRIM can be signed ({{sec-corim-signed}}) using COSE Sign1 to provide end-to-end security to the CoRIM contents. | |||
| When CoRIM is signed, the protected header carries further identifying information about the CoRIM signer. | |||
| Alternatively, CoRIM can be encoded as a #6.501 CBOR-tagged payload ({{sec-corim-map}}) and transported over a secure channel. | |||
| If a CoRIM is contained within a larger signed document or message, there MUST be a single signer assigned to the scope of the CoRIM as part of the document's specification or protocol conveying the message, respectively. | |||
| For example, an application may use TLS to transmit an unsigned CoRIM and specify that the signer is the public key in the Hello message. | |||
There was a problem hiding this comment.
Worth adding CMW as another example.
There was a problem hiding this comment.
I didn't want to make a circular citation since CMW references CoRIM.
There was a problem hiding this comment.
No problem with that. These are "weak" links since the references are both informative.
draft-ietf-rats-corim.md
Outdated
| @@ -267,6 +267,8 @@ For more detail, see {{sec-corim-profile-types}}. | |||
| A CoRIM can be signed ({{sec-corim-signed}}) using COSE Sign1 to provide end-to-end security to the CoRIM contents. | |||
| When CoRIM is signed, the protected header carries further identifying information about the CoRIM signer. | |||
| Alternatively, CoRIM can be encoded as a #6.501 CBOR-tagged payload ({{sec-corim-map}}) and transported over a secure channel. | |||
| If a CoRIM is contained within a larger signed document or message, there MUST be a single signer assigned to the scope of the CoRIM as part of the document's specification or protocol conveying the message, respectively. | |||
There was a problem hiding this comment.
I would phrase the statement something like this.
`A CoRIM can be used without signature protection (please see unsigned-corim-map),
For example, an application may use TLS to transmit an unsigned CORIM and specify that the signer
is the public key in the Certificate Message.
Alternatively an unsigned CoRIM can be a part of a RATS Message which itself is signed (example a signed CMW).
In such cases the authority of CoRIM is delegated to the signer encapsulating the CoRIM.`
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
draft-ietf-rats-corim.md
Outdated
| If a CoRIM is contained within a larger signed document or message, there MUST be a single signer assigned to the scope of the CoRIM as part of the document's specification or protocol conveying the message, respectively. | ||
| For example, an application may use TLS to transmit an unsigned CoRIM and specify that the signer is the public key in the Certificate message. |
There was a problem hiding this comment.
| If a CoRIM is contained within a larger signed document or message, there MUST be a single signer assigned to the scope of the CoRIM as part of the document's specification or protocol conveying the message, respectively. | |
| For example, an application may use TLS to transmit an unsigned CoRIM and specify that the signer is the public key in the Certificate message. | |
| For example, an application may use TLS to transmit an unsigned CORIM and specify that the signer is the public key in the Certificate Message. | |
| Alternatively an unsigned CoRIM can be a part of a RATS Message which itself is signed (example a signed CMW). | |
| In such cases the authority of CoRIM is delegated to the signer encapsulating the CoRIM. |
There was a problem hiding this comment.
Yogesh please double-check this against the current status.
|
Push 5df10ee adds the manifest-signer role so that an unsigned-corim can contain the signer entity information when the COSE-Sign1-corim form of signing isn't available. |
With the proposed additions to CMW, this fixes Issue ietf-rats-wg#358.
Co-authored-by: Thomas Fossati <[email protected]>
Added manifest-signer role to the roles.
Added example that tests use of manifest-signer role in an unsigned-corim
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Also change the TN() tagged data to the 2-ary array, as Laurence wants to remove that from the CMW spec.
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
deeglaze
force-pushed
the
sig-inherit
branch
from
a61e237 to
4ff8922
Compare
|
|
||
| A method of signing a bundle of CoRIMs together is through a signed RATS Conceptual Message Wrapper (CMW) {{-cmw}}. | ||
| The COSE_Sign1 signature format can be used with a CMW collection. | ||
| The COSE protected header can include a CMW collection type name. |
There was a problem hiding this comment.
| The COSE protected header can include a CMW collection type name. | |
| The COSE protected header can include a Collection CMW type name. |
| The CMW MAY use any label for its CoRIMs. | ||
| If there is a hierarchical structure to the CoRIM bundle, the base entry point SHOULD be labeled `0` in CBOR or `"base"` in JSON. | ||
| It is RECOMMENDED to use to label a CoRIM with its tag-id in string format, where `uuid-type` string format is specified by [RFC4122]. | ||
| CoRIMs distributed in a bundle MAY declare their interdependence `dependent-rims` with local resource indicators. |
There was a problem hiding this comment.
| CoRIMs distributed in a bundle MAY declare their interdependence `dependent-rims` with local resource indicators. | |
| CoRIMs distributed in a bundle SHOULD declare their interdependence using `dependent-rims` with local resource indicators. |
There was a problem hiding this comment.
Why is this not SHOULD?
There was a problem hiding this comment.
because it's redundant. The tags are in the values of the collection CMW's records, so you have TAG-ID => {TAG-ID, ...}
| ~~~ | ||
|
|
||
| The CMW MAY use any label for its CoRIMs. | ||
| If there is a hierarchical structure to the CoRIM bundle, the base entry point SHOULD be labeled `0` in CBOR or `"base"` in JSON. |
There was a problem hiding this comment.
I'm confused, shouldn't the label be a UUID? I don't see how its used in the example.
There was a problem hiding this comment.
If there's a root CoRIM, there's nothing pointing to it, and you need a notion of where to start drilling down in the graph.
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
Co-authored-by: Ned Smith <[email protected]>
With the proposed additions to CMW, this fixes Issue #358.