| < draft-ietf-cose-countersign-03.txt | draft-ietf-cose-countersign-04.txt > | |||
|---|---|---|---|---|
| COSE Working Group J. Schaad | COSE Working Group J. Schaad | |||
| Internet-Draft August Cellars | Internet-Draft August Cellars | |||
| Updates: 8152 (if approved) R. Housley, Ed. | Updates: 8152 (if approved) R. Housley, Ed. | |||
| Intended status: Standards Track Vigil Security | Intended status: Standards Track Vigil Security | |||
| Expires: 16 October 2021 14 April 2021 | Expires: 20 November 2021 19 May 2021 | |||
| CBOR Object Signing and Encryption (COSE): Countersignatures | CBOR Object Signing and Encryption (COSE): Countersignatures | |||
| draft-ietf-cose-countersign-03 | draft-ietf-cose-countersign-04 | |||
| Abstract | Abstract | |||
| Concise Binary Object Representation (CBOR) is a data format designed | Concise Binary Object Representation (CBOR) is a data format designed | |||
| for small code size and small message size. CBOR Object Signing and | for small code size and small message size. CBOR Object Signing and | |||
| Encryption (COSE) defines a set of security services for CBOR. This | Encryption (COSE) defines a set of security services for CBOR. This | |||
| document defines a countersignature algorithm along with the needed | document defines a countersignature algorithm along with the needed | |||
| header parameters and CBOR tags for COSE. | header parameters and CBOR tags for COSE. | |||
| Contributing to this document | Contributing to this document | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 16 October 2021. | This Internet-Draft will expire on 20 November 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 36 ¶ | skipping to change at page 2, line 36 ¶ | |||
| 3. Version 2 Countersignatures . . . . . . . . . . . . . . . . . 6 | 3. Version 2 Countersignatures . . . . . . . . . . . . . . . . . 6 | |||
| 3.1. Full Countersignatures . . . . . . . . . . . . . . . . . 7 | 3.1. Full Countersignatures . . . . . . . . . . . . . . . . . 7 | |||
| 3.2. Abbreviated Countersignatures . . . . . . . . . . . . . . 8 | 3.2. Abbreviated Countersignatures . . . . . . . . . . . . . . 8 | |||
| 3.3. Signing and Verification Process . . . . . . . . . . . . 8 | 3.3. Signing and Verification Process . . . . . . . . . . . . 8 | |||
| 4. CBOR Encoding Restrictions . . . . . . . . . . . . . . . . . 10 | 4. CBOR Encoding Restrictions . . . . . . . . . . . . . . . . . 10 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 5.1. CBOR Tag Assignment . . . . . . . . . . . . . . . . . . . 10 | 5.1. CBOR Tag Assignment . . . . . . . . . . . . . . . . . . . 10 | |||
| 5.2. COSE Header Parameters Registry . . . . . . . . . . . . . 11 | 5.2. COSE Header Parameters Registry . . . . . . . . . . . . . 11 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
| 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 13 | 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7.1. Author's Versions . . . . . . . . . . . . . . . . . . . . 13 | 7.1. Author's Versions . . . . . . . . . . . . . . . . . . . . 14 | |||
| 7.2. COSE Testing Library . . . . . . . . . . . . . . . . . . 14 | 7.2. COSE Testing Library . . . . . . . . . . . . . . . . . . 14 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 14 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 15 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 15 | 8.2. Informative References . . . . . . . . . . . . . . . . . 15 | |||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 16 | Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| A.1. Use of Early Code Points . . . . . . . . . . . . . . . . 17 | A.1. Use of Early Code Points . . . . . . . . . . . . . . . . 17 | |||
| A.2. Examples of Signed Messages . . . . . . . . . . . . . . . 17 | A.2. Examples of Signed Messages . . . . . . . . . . . . . . . 17 | |||
| A.2.1. Countersignature . . . . . . . . . . . . . . . . . . 17 | A.2.1. Countersignature . . . . . . . . . . . . . . . . . . 17 | |||
| A.3. Examples of Signed1 Messages . . . . . . . . . . . . . . 18 | A.3. Examples of Signed1 Messages . . . . . . . . . . . . . . 18 | |||
| A.3.1. Countersignature . . . . . . . . . . . . . . . . . . 18 | A.3.1. Countersignature . . . . . . . . . . . . . . . . . . 18 | |||
| A.4. Examples of Enveloped Messages . . . . . . . . . . . . . 19 | A.4. Examples of Enveloped Messages . . . . . . . . . . . . . 19 | |||
| A.4.1. Countersignature on Encrypted Content . . . . . . . . 19 | A.4.1. Countersignature on Encrypted Content . . . . . . . . 19 | |||
| A.5. Examples of Encrypted Messages . . . . . . . . . . . . . 20 | A.5. Examples of Encrypted Messages . . . . . . . . . . . . . 20 | |||
| A.5.1. Countersignature on Encrypted Content . . . . . . . . 21 | A.5.1. Countersignature on Encrypted Content . . . . . . . . 21 | |||
| A.6. Examples of MACed Messages . . . . . . . . . . . . . . . 21 | A.6. Examples of MACed Messages . . . . . . . . . . . . . . . 21 | |||
| skipping to change at page 13, line 19 ¶ | skipping to change at page 13, line 19 ¶ | |||
| Analysis of the size of encrypted messages can provide information | Analysis of the size of encrypted messages can provide information | |||
| about the plaintext messages. This specification does not provide a | about the plaintext messages. This specification does not provide a | |||
| uniform method for padding messages prior to encryption. An observer | uniform method for padding messages prior to encryption. An observer | |||
| can distinguish between two different messages (for example, 'YES' | can distinguish between two different messages (for example, 'YES' | |||
| and 'NO') based on the length for all of the content encryption | and 'NO') based on the length for all of the content encryption | |||
| algorithms that are defined in [I-D.ietf-cose-rfc8152bis-algs]. This | algorithms that are defined in [I-D.ietf-cose-rfc8152bis-algs]. This | |||
| means that it is up to the applications to specify how content | means that it is up to the applications to specify how content | |||
| padding is to be done to prevent or discourage such analysis. (For | padding is to be done to prevent or discourage such analysis. (For | |||
| example, the text strings could be defined as 'YES' and 'NO '.) | example, the text strings could be defined as 'YES' and 'NO '.) | |||
| When either COSE_Encrypt and COSE_Mac is used and more than two | ||||
| parties share the key, data origin authentication is not provided. | ||||
| Any party that knows the message-authentication key can compute a | ||||
| valid authentication tag; therefore, the contents could originate | ||||
| from any one of the parties that share the key. | ||||
| Countersignatures of COSE_Encrypt and COSE_Mac with short | ||||
| authentication tags do not provide the security properties associated | ||||
| with the same algorithm used in COSE_Sign. To provide 128-bit | ||||
| security against collision attacks, the tag length MUST be at least | ||||
| 256-bits. A countersignature of a COSE_Mac with AES-MAC 256/128 | ||||
| provides at most 64 bits of integrity protection. Similarly, a | ||||
| countersignature of a COSE_Encrypt with AES-CCM-16-64-128 provides at | ||||
| most 32 bits bits of integrity protection. | ||||
| 7. Implementation Status | 7. Implementation Status | |||
| This section is to be removed before publishing as an RFC. | This section is to be removed before publishing as an RFC. | |||
| This section records the status of known implementations of the | This section records the status of known implementations of the | |||
| protocol defined by this specification at the time of posting of this | protocol defined by this specification at the time of posting of this | |||
| Internet-Draft, and is based on a proposal described in [RFC7942]. | Internet-Draft, and is based on a proposal described in [RFC7942]. | |||
| The description of implementations in this section is intended to | The description of implementations in this section is intended to | |||
| assist the IETF in its decision processes in progressing drafts to | assist the IETF in its decision processes in progressing drafts to | |||
| RFCs. Please note that the listing of any individual implementation | RFCs. Please note that the listing of any individual implementation | |||
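
Review bot: In the second paragraph added to the Security Considerations in -04, "the tag length MUST be at least 256-bits" reads as a normative requirement, yet the two algorithms named immediately after it (AES-MAC 256/128 and AES-CCM-16-64-128) do not meet it, and the text does not say whether countersigning such messages is prohibited or simply yields the weaker bounds quoted (64 and 32 bits). Suggest stating that consequence explicitly, and saying once that the collision bound is half the tag length so the 64- and 32-bit figures can be derived by the reader. Editorial points in the same two paragraphs: "When either COSE_Encrypt and COSE_Mac is used" should read "either ... or", "256-bits" should be "256 bits", and "32 bits bits" has a duplicated word.
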
| skipping to change at page 16, line 9 ¶ | skipping to change at page 16, line 32 ¶ | |||
| <https://www.rfc-editor.org/info/rfc7942>. | <https://www.rfc-editor.org/info/rfc7942>. | |||
| [RFC4998] Gondrom, T., Brandner, R., and U. Pordesch, "Evidence | [RFC4998] Gondrom, T., Brandner, R., and U. Pordesch, "Evidence | |||
| Record Syntax (ERS)", RFC 4998, DOI 10.17487/RFC4998, | Record Syntax (ERS)", RFC 4998, DOI 10.17487/RFC4998, | |||
| August 2007, <https://www.rfc-editor.org/info/rfc4998>. | August 2007, <https://www.rfc-editor.org/info/rfc4998>. | |||
| [I-D.ietf-core-groupcomm-bis] | [I-D.ietf-core-groupcomm-bis] | |||
| Dijk, E., Wang, C., and M. Tiloca, "Group Communication | Dijk, E., Wang, C., and M. Tiloca, "Group Communication | |||
| for the Constrained Application Protocol (CoAP)", Work in | for the Constrained Application Protocol (CoAP)", Work in | |||
| Progress, Internet-Draft, draft-ietf-core-groupcomm-bis- | Progress, Internet-Draft, draft-ietf-core-groupcomm-bis- | |||
| 02, 2 November 2020, <https://tools.ietf.org/html/draft- | 03, 22 February 2021, <https://tools.ietf.org/html/draft- | |||
| ietf-core-groupcomm-bis-02>. | ietf-core-groupcomm-bis-03>. | |||
| [I-D.ietf-cose-rfc8152bis-struct] | [I-D.ietf-cose-rfc8152bis-struct] | |||
| Schaad, J., "CBOR Object Signing and Encryption (COSE): | Schaad, J., "CBOR Object Signing and Encryption (COSE): | |||
| Structures and Process", Work in Progress, Internet-Draft, | Structures and Process", Work in Progress, Internet-Draft, | |||
| draft-ietf-cose-rfc8152bis-struct-14, 24 September 2020, | draft-ietf-cose-rfc8152bis-struct-15, 1 February 2021, | |||
| <https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis- | <https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis- | |||
| struct-14>. | struct-15>. | |||
| [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, | |||
| "Object Security for Constrained RESTful Environments | "Object Security for Constrained RESTful Environments | |||
| (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, | |||
| <https://www.rfc-editor.org/info/rfc8613>. | <https://www.rfc-editor.org/info/rfc8613>. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| This appendix includes a set of examples that show the different | This appendix includes a set of examples that show the different | |||
| features and message types that have been defined in this document. | features and message types that have been defined in this document. | |||
| End of changes. 10 change blocks. | ||||
| 11 lines changed or deleted | 26 lines changed or added | |||