Hi Christian, If I understand correctly, you are proposing the following optimization:
* In the EDHOC and OSCORE profile, it can be allowed that 'req_cnf', 'rs_cnf', and 'cnf' specify "COSE_Key" (1) as CWT Confirmation Method.
* When doing so, the consumer of 'req_cnf', 'rs_cnf', or 'cnf' must build a CCS including only the claim 'cnf', which takes the same value specified as COSE Key in the received confirmation method.
This building operation effectively consists in prepending the four bytes 0xa108a101 to the received "naked" COSE Key.
* The result from the previous step (i.e., the COSE Key minimally "dressed" as a CCS) is used as authentication credential in EDHOC, transported with a 'kccs' COSE header parameter when specified by value in ID_CRED_X.
Is the above correct?If so, I wonder if saving 4 bytes per credential is worth it, and I'm interested to hear more opinions.
Best, /Marco On 2024-12-12 12:28, Christian Amsüss wrote:
Hello ACE-EDHOC authors, On Thu, Dec 12, 2024 at 11:45:58AM +0100, Christian Amsüss wrote:The "maybe a subject claim" is critical here: If a COSE_Key were used raw, the recipient would have no way of knowing whether or not a subject key, let alone with which value, should be in the KCCS that gets used as EDHOC input.To some extent I stand corrected: The implementer in question has pointed to bullet 4 of section 3.5.2 of RFC9528[1], which *does* say that a naked COSE_Key is a credential that can be used by wrapping it in the trivial CCS. Thus, as long as the cnf used in the ACE profile says that it contains a COSE_Key, it may be fine to use it -- but then the profile should point to that conversion. As a whole, this is probably the state: Those a108a101 prefixes would thus actually never be sent, because the RS can send its message 2 with a KID, the C can reconstruct the full credential even though it only got the COSE_Key, and the client sends a token whose ciphertext may also contain the COSE_Key (again, with the prefix added before AAD'ing it as a CRED_I). BR c [1]:https://www.rfc-editor.org/rfc/rfc9528.html#name-authentication-credentials _______________________________________________ Ace mailing list --ace@ietf.org To unsubscribe send an email toace-le...@ietf.org
-- Marco Tiloca Ph.D., Senior Researcher Phone: +46 (0)70 60 46 501 RISE Research Institutes of Sweden AB Box 1263 164 29 Kista (Sweden) Division: Digital Systems Department: Computer Science Unit: Cybersecurity https://www.ri.se
OpenPGP_0xEE2664B40E58DA43.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list -- ace@ietf.org To unsubscribe send an email to ace-le...@ietf.org
