| Internet-Draft | Integer value key identifer | March 2022 |
| Selander & Preuß Mattsson | Expires 8 September 2022 | [Page] |
This document extends the CBOR Object Signing and Encryption (COSE) parameter kid to CBOR integer values.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 September 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Many Internet of Things (IoT) deployments require technologies which are highly performant in constrained environments [RFC7228]. The connectivity for these settings may exhibit extremely restricted bandwidth constraints, for which byte level optimizations are motivated, see [I-D.ietf-lake-reqs].¶
The use of CBOR [RFC8949] enables a compact encoding of protected data as COSE objects [I-D.ietf-cose-rfc8152bis-struct], which is a basic building block in various IoT security settings such as CWT [RFC8392], OSCORE [RFC8613], and ACE-OAuth [I-D.ietf-ace-oauth-authz]. COSE defines the key identifier parameter kid used to identify keys used in the COSE object.¶
The value of the kid parameter is specified to be encoded as a CBOR byte string, which (with the exception of the empty string) requires at least two bytes on the wire. For comparison, CBOR encoding of small integers (-24, ..., 23) need only one byte on the wire. Since many IoT deployments may use local identifiers for which a few unique identifiers are sufficient, the use of CBOR integers as key identifiers would reduce the overhead due to transport of COSE objects.¶
This specification amends this limitation by extending the COSE parameter kid to allow CBOR integer values. kid is used in two instances in COSE, which both need to be extended to CBOR int encoding:¶
kid COSE header parameter, see Section 3.1.¶
kid COSE Key Common Parameter, see Section 3.2.¶
There are no additional security considerations compared to key identifiers to being byte strings.¶
IANA has extended the Value Type of kid in the "COSE Header Parameters" registry under the group name "CBOR Object Signing and Encryption (COSE)" to also allow the Value Type int. The resulting Value Type is bstr / int. The Value Registry for this item is empty and omitted from the table below.¶
+------+-------+------------+----------------+ | Name | Label | Value Type | Description | +------+-------+------------+----------------+ | kid | 4 | bstr / int | Key identifier | +------+-------+------------+----------------+¶
IANA has extended the Value Type of kid in the "COSE Key Common Parameters" registry under the group name "CBOR Object Signing and Encryption (COSE)" to also allow the Value Type int. The resulting Value Type is bstr / int. The Value Registry for this item is empty and omitted from the table below.¶
+------+-------+------------+---------------------------+ | Name | Label | Value Type | Description | +------+-------+------------+---------------------------+ | kid | 2 | bstr / int | Key identification value | | | | | - to match kid in message | +------+-------+------------+---------------------------+¶