search

anima-wg / constrained-voucher

This is a repo for the IETF Internet Draft about constrained vouchers in CBOR
2 stars 4 forks source link

verify examples match RFC8152 (raw signature) #215

Closed mcr closed 1 year ago

mcr commented 2 years ago

Viktor has noticed that the examples in the document may be DER encoded rather than being a raw signature.

EskoDijk commented 2 years ago

Specifically, the signature in the example file pledge-to-regis.txt (Appendix C.3) is an ASN.1 DER encoded structure instead of the expected 64-byte raw signature. This needs to be fixed.

Furthermore, the example uses COSE algorithm ES256K (-47) which is marked as "not recommended" in the COSE algorithms registry (https://www.iana.org/assignments/cose/cose.xhtml) Do we have any idea why this is not recommended? Should we change our examples to use ES256 (-7) instead, which still has a "yes" in the recommended-column?

mcr commented 2 years ago

yes, we should use ES256 (-7), unless we have a reason to demonstrate flexibility, which I don't think we do.

petervanderstok commented 2 years ago

I used es256k due to conflict I had when passing from mbedtls to openssl. Don't ask   me how that could happen. Indeed, I use es256 now. Actually it is the certificate that determines the key choice.

EskoDijk commented 2 years ago

Ok, so we can agree to update to ES256 (-7). That's also compatible with the current key type of the certificates (I use the same key types to produce ES256 (-7) signed COSE objects.)

@petervanderstok Maybe you could update the COSE examples in Github now, or maybe you want to wait until I did a review of these examples in detail? (I did not yet do this.) That review will likely produce some more things to improve in the certificates and/or COSE examples.

mcr commented 2 years ago

Examples to be updated after interop.

EskoDijk commented 1 year ago

I'm now updating all examples (making a PR) as part of #237.

EskoDijk commented 1 year ago

Closed by #249