Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nonsense: corim = tagged extensible type choice of tags #333

Open
deeglaze opened this issue Oct 23, 2024 · 6 comments
Open

Nonsense: corim = tagged extensible type choice of tags #333

deeglaze opened this issue Oct 23, 2024 · 6 comments

Comments

@deeglaze
Copy link
Collaborator

We need to remove the extensibility of $concise-rim-type-choice since extensibility is driven by profile, but profile isn't known at this point.

We also don't need to tag the type choice. Let's release the 500 tag?

corim = concise-rim-type-choice

deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Oct 23, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM
altogether. NVIDIA is creating CoRIMs this way, but they are using a
different content-type in the protected header. I think we can drop it
in an follow-up.

This patch drops

* the need to tag the type choice
* the extensibility of concise-rim-type-choice, since extensibility is
  governed by a profile, and the profile is not known at this point
  in parsing.
* the need to tag the signed corim, since it is a COSE-sign1 with an
  unambigiuous content-type, and COSE-sign1 already has its own tag.

Addresses Issue ietf-rats-wg#333, but 500 removal is TBD.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Oct 25, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM
altogether. NVIDIA is creating CoRIMs this way, but they are using a
different content-type in the protected header. I think we can drop it
in an follow-up.

This patch drops

* the need to tag the type choice
* the extensibility of concise-rim-type-choice, since extensibility is
  governed by a profile, and the profile is not known at this point
  in parsing.
* the need to tag the signed corim, since it is a COSE-sign1 with an
  unambigiuous content-type, and COSE-sign1 already has its own tag.

Addresses Issue ietf-rats-wg#333, but 500 and 502 removal is TBD.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Oct 25, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM
altogether. NVIDIA is creating CoRIMs this way, but they are using a
different content-type in the protected header. I think we can drop it
in an follow-up.

This patch drops

* the need to tag the type choice
* the extensibility of concise-rim-type-choice, since extensibility is
  governed by a profile, and the profile is not known at this point
  in parsing.
* the need to tag the signed corim, since it is a COSE-sign1 with an
  unambigiuous content-type, and COSE-sign1 already has its own tag.

Addresses Issue ietf-rats-wg#333, but 500 and 502 removal is TBD.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Oct 25, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM
altogether. NVIDIA is creating CoRIMs this way, but they are using a
different content-type in the protected header. I think we can drop it
in an follow-up.

This patch drops

* the need to tag the type choice
* the extensibility of concise-rim-type-choice, since extensibility is
  governed by a profile, and the profile is not known at this point
  in parsing.
* the need to tag the signed corim, since it is a COSE-sign1 with an
  unambigiuous content-type, and COSE-sign1 already has its own tag.

Addresses Issue ietf-rats-wg#333, but 500 and 502 removal is TBD.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Oct 25, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM
altogether. NVIDIA is creating CoRIMs this way, but they are using a
different content-type in the protected header. I think we can drop it
in an follow-up.

This patch drops

* the need to tag the type choice
* the extensibility of concise-rim-type-choice, since extensibility is
  governed by a profile, and the profile is not known at this point
  in parsing.
* the need to tag the signed corim, since it is a COSE-sign1 with an
  unambigiuous content-type, and COSE-sign1 already has its own tag.

Addresses Issue ietf-rats-wg#333, but 500 and 502 removal is TBD.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
@thomas-fossati
Copy link
Collaborator

We need to remove the extensibility of $concise-rim-type-choice since extensibility is driven by profile, but profile isn't known at this point.

Indeed, that $ looks like a typo to me. $concise-rim-type-choice should be a closed type choice which, per our typographical conventions, should read concise-rim-type-choice.

We also don't need to tag the type choice. Let's release the 500 tag?

corim = concise-rim-type-choice

The two-level tagging system effectively smells like overengineering.

I don't recall why we originally decided to use this tagging scheme.

While I am not opposed to dropping it, this could produce wire-image incompatibility with the TCG's spec, which we agreed must be avoided.

@nedmsmith
Copy link
Collaborator

TCG Endorsement spec defines:

corim = #6.500($concise-reference-integrity-manifest-type-choice)
tagged-corim-map = #6.501(corim-map)
$concise-reference-integrity-manifest-type-choice /= tagged-corim-map
$concise-reference-integrity-manifest-type-choice /= #6.502(signed-corim)

COSE-Sign1-corim = [
  protected: bstr .cbor protected-corim-header-map
  unprotected: unprotected-corim-header-map
  payload: bstr .cbor tagged-corim-map
  signature: bstr
]

The TCG is doing errata for this spec. Maybe it makes sense to influence this?
But it would need to happen quickly and be minimally invasive.

@thomas-fossati
Copy link
Collaborator

TCG Endorsement spec defines:

corim = #6.500($concise-reference-integrity-manifest-type-choice)
tagged-corim-map = #6.501(corim-map)
$concise-reference-integrity-manifest-type-choice /= tagged-corim-map
$concise-reference-integrity-manifest-type-choice /= #6.502(signed-corim)

COSE-Sign1-corim = [
  protected: bstr .cbor protected-corim-header-map
  unprotected: unprotected-corim-header-map
  payload: bstr .cbor tagged-corim-map
  signature: bstr
]

The TCG is doing errata for this spec. Maybe it makes sense to influence this? But it would need to happen quickly and be minimally invasive.

Then I'd do:

corim = tagged-corim-map / tagged-cose-sign1-corim

which uses 501 for the unprotected and 18 for the sign1-protected corim-map.

@deeglaze
Copy link
Collaborator Author

deeglaze commented Oct 30, 2024

The TCG is doing errata for this spec. Maybe it makes sense to influence this? But it would need to happen quickly and be minimally invasive.

Which working group?

(NOTE by thofos: I hit "edit" instead of "quote reply", apologies!)

@thomas-fossati
Copy link
Collaborator

The TCG is doing errata for this spec. Maybe it makes sense to influence this? But it would need to happen quickly and be minimally invasive.

Which working group?

Should be DICE.

@nedmsmith
Copy link
Collaborator

Then I'd do:

corim = tagged-corim-map / tagged-cose-sign1-corim

The TCG spec doesn't define tagged-cose-sign1-corim only signed-corim = #6.18(COSE-Sign1-corim)
But I think it is effectively the same thing. Essentially, the updated TCG spec would look like:

corim = concise-rim-type-choice
tagged-corim-map = #6.501(corim-map)
concise-rim-type-choice /= tagged-corim-map
concise-rim-type-choice /= #6.502(signed-corim)

It would be an extension to add:

concise-rim-type-choice /= signed-corim

deeglaze added a commit to deeglaze/draft-ietf-rats-corim that referenced this issue Dec 18, 2024
Tagged type choices are not typical.
I would go so far as to drop the 500 tag as the entrypoint to CoRIM altogether. NVIDIA is creating CoRIMs this way, but they are using a different content-type in the protected header. I think we can drop it in an follow-up.

This patch drops

the need to tag the type choice
the extensibility of concise-rim-type-choice, since extensibility is governed by a profile, and the profile is not known at this point in parsing.
the need to tag the signed corim, since it is a COSE-sign1 with an unambigiuous content-type, and COSE-sign1 already has its own tag.
Addresses Issue ietf-rats-wg#333, but 500 removal is TBD.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants