Network Working Group                                        G. Selander
Internet-Draft                                         J. Preuß Mattsson
Intended status: Standards Track                                Ericsson
Expires: 8 September 2022                                   7 March 2022


  Integer value for the CBOR Object Signing and Encryption (COSE) key
                               identifier
                     draft-selander-cose-kid-int-00

Abstract

   This document extends the CBOR Object Signing and Encryption (COSE)
   parameter kid to CBOR integer values.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 8 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.






Selander & Preuß MattssoExpires 8 September 2022                [Page 1]


Internet-Draft         Integer value key identifer            March 2022


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
     3.1.  COSE Header Parameters Registry . . . . . . . . . . . . .   3
     3.2.  COSE Key Common Parameters Registry . . . . . . . . . . .   3
   4.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     4.1.  Normative References  . . . . . . . . . . . . . . . . . .   3
     4.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   4
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   Many Internet of Things (IoT) deployments require technologies which
   are highly performant in constrained environments [RFC7228].  The
   connectivity for these settings may exhibit extremely restricted
   bandwidth constraints, for which byte level optimizations are
   motivated, see [I-D.ietf-lake-reqs].

   The use of CBOR [RFC8949] enables a compact encoding of protected
   data as COSE objects [I-D.ietf-cose-rfc8152bis-struct], which is a
   basic building block in various IoT security settings such as CWT
   [RFC8392], OSCORE [RFC8613], and ACE-OAuth
   [I-D.ietf-ace-oauth-authz].  COSE defines the key identifier
   parameter kid used to identify keys used in the COSE object.

   The value of the kid parameter is specified to be encoded as a CBOR
   byte string, which (with the exception of the empty string) requires
   at least two bytes on the wire.  For comparison, CBOR encoding of
   small integers (-24, ..., 23) need only one byte on the wire.  Since
   many IoT deployments may use local identifiers for which a few unique
   identifiers are sufficient, the use of CBOR integers as key
   identifiers would reduce the overhead due to transport of COSE
   objects.

   This specification amends this limitation by extending the COSE
   parameter kid to allow CBOR integer values. kid is used in two
   instances in COSE, which both need to be extended to CBOR int
   encoding:

   *  The kid COSE header parameter, see Section 3.1.

   *  The kid COSE Key Common Parameter, see Section 3.2.






Selander & Preuß MattssoExpires 8 September 2022                [Page 2]


Internet-Draft         Integer value key identifer            March 2022


2.  Security Considerations

   There are no additional security considerations compared to key
   identifiers to being byte strings.

3.  IANA Considerations

3.1.  COSE Header Parameters Registry

   IANA has extended the Value Type of kid in the "COSE Header
   Parameters" registry under the group name "CBOR Object Signing and
   Encryption (COSE)" to also allow the Value Type int.  The resulting
   Value Type is bstr / int.  The Value Registry for this item is empty
   and omitted from the table below.

   +------+-------+------------+----------------+
   | Name | Label | Value Type | Description    |
   +------+-------+------------+----------------+
   | kid  |   4   | bstr / int | Key identifier |
   +------+-------+------------+----------------+

3.2.  COSE Key Common Parameters Registry

   IANA has extended the Value Type of kid in the "COSE Key Common
   Parameters" registry under the group name "CBOR Object Signing and
   Encryption (COSE)" to also allow the Value Type int.  The resulting
   Value Type is bstr / int.  The Value Registry for this item is empty
   and omitted from the table below.

   +------+-------+------------+---------------------------+
   | Name | Label | Value Type | Description               |
   +------+-------+------------+---------------------------+
   | kid  |   2   | bstr / int | Key identification value  |
   |      |       |            | - to match kid in message |
   +------+-------+------------+---------------------------+

4.  References

4.1.  Normative References

   [I-D.ietf-cose-rfc8152bis-struct]
              Schaad, J., "CBOR Object Signing and Encryption (COSE):
              Structures and Process", Work in Progress, Internet-Draft,
              draft-ietf-cose-rfc8152bis-struct-15, 1 February 2021,
              <https://www.ietf.org/archive/id/draft-ietf-cose-
              rfc8152bis-struct-15.txt>.





Selander & Preuß MattssoExpires 8 September 2022                [Page 3]


Internet-Draft         Integer value key identifer            March 2022


   [RFC8949]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", STD 94, RFC 8949,
              DOI 10.17487/RFC8949, December 2020,
              <https://www.rfc-editor.org/info/rfc8949>.

4.2.  Informative References

   [I-D.ietf-ace-oauth-authz]
              Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
              H. Tschofenig, "Authentication and Authorization for
              Constrained Environments (ACE) using the OAuth 2.0
              Framework (ACE-OAuth)", Work in Progress, Internet-Draft,
              draft-ietf-ace-oauth-authz-46, 8 November 2021,
              <https://www.ietf.org/archive/id/draft-ietf-ace-oauth-
              authz-46.txt>.

   [I-D.ietf-lake-reqs]
              Vucinic, M., Selander, G., Mattsson, J. P., and D. Garcia-
              Carrillo, "Requirements for a Lightweight AKE for OSCORE",
              Work in Progress, Internet-Draft, draft-ietf-lake-reqs-04,
              8 June 2020, <https://www.ietf.org/archive/id/draft-ietf-
              lake-reqs-04.txt>.

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014,
              <https://www.rfc-editor.org/info/rfc7228>.

   [RFC8392]  Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
              "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
              May 2018, <https://www.rfc-editor.org/info/rfc8392>.

   [RFC8613]  Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
              "Object Security for Constrained RESTful Environments
              (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019,
              <https://www.rfc-editor.org/info/rfc8613>.

Acknowledgments

Authors' Addresses

   Göran Selander
   Ericsson AB
   SE-164 80 Stockholm
   Sweden
   Email: goran.selander@ericsson.com





Selander & Preuß MattssoExpires 8 September 2022                [Page 4]


Internet-Draft         Integer value key identifer            March 2022


   John Preuß Mattsson
   Ericsson AB
   SE-164 80 Stockholm
   Sweden
   Email: john.mattsson@ericsson.com














































Selander & Preuß MattssoExpires 8 September 2022                [Page 5]