anima-wg / constrained-voucher

This is a repo for the IETF Internet Draft about constrained vouchers in CBOR

State if/how x5bag can be used in Pledge's Voucher Request #142

Closed EskoDijk closed 3 years ago

EskoDijk commented 3 years ago

Similar to how a certificate chain can be added into a CMS signing structure, an x5bag with certs can be added into a COSE structure by the Pledge.

This was discussed during the interop/hackathon.

Pro: makes the COSE-signed VR more similar to CMS-signed VR; conceptually the same. And the COSE signed object becomes verifiable as a single unit without needing external data.

Con: increases the size of the VR by a lot and is not strictly necessary because the IDevID certs can be obtained by Registrar from observation of the DTLS handshake and these need to be checked anyhow against the VR signing.

One possible resolution is to make this OPTIONAL for Pledge. If present, the Registrar MUST check the x5bag certs against the handshake certs (=same identity) and use that identity to verify the signing of VR.

Another resolution is to NOT include x5bag because it has little added value (if it has, it needs to be made clear here what!) Potential added value:

mcr commented 3 years ago

The value in having the x5bag (could be a chain) in the voucher-request, when it's sitting on disk, is that it makes it clearly self-contained. That seems to have a really high value for unit testing of voucher-request validation libraries.

The text in #150 does forbid the pledge from including it, but as you say, it's wasted bytes. It does tell the Registrar to ignore it.

I don't buy the MASA and database argument for two reasons. 1) using the public key of pledge (not the certificate itself, but the public key) as the primary index is probably a good idea. (I did it). 2) it's not that many bytes for a non-constrained database to store.

EskoDijk commented 3 years ago

I'm ok with the Registrar ignoring any x5bag contents in the Pledge's voucher request. The Pledge can still be allowed to include something in x5bag because that data will go directly to the MASA and the MASA might use it in some vendor-specific way. That is the same for other non-standard fields in the voucher request that a Pledge may include! The MASA can parse those even though a Registrar would just ignore these.

So the requirement for a Pledge is that it SHOULD NOT include x5bag (exception: if the MASA really needs it and voucher request size is of no concern). The Registrar MUST ignore the x5bag contents.

We need input from @siethower on this because his Pledge was including x5bag I believe?

EskoDijk commented 3 years ago

Text is already included by PR #150, closing.