Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Language for signer inheritance #377

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Language for signer inheritance #377

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
a633d3d
Language for signer inheritance
deeglaze Feb 12, 2025
fd6f80f
Fix TLS example.
deeglaze Feb 12, 2025
de2091a
Remove example and clarify context.
deeglaze Feb 12, 2025
6132f97
Move signer assignment to its own section.
deeglaze Feb 12, 2025
a865e37
Update corim-role-type-choice.cddl
nedmsmith Feb 12, 2025
5df10ee
Create corim-roles.diag
nedmsmith Feb 12, 2025
b4c58c3
Update draft-ietf-rats-corim.md
deeglaze Feb 13, 2025
d51c27b
Update draft-ietf-rats-corim.md
deeglaze Feb 13, 2025
5cd1669
Add CoRIM bundle CMW text and example.
deeglaze Feb 15, 2025
6bda931
Change corim-meta "header" to "statement"
deeglaze Feb 18, 2025
4decf89
Add CMW CDDL
deeglaze Feb 18, 2025
4be9c24
Use verbose cbor-record for CMW example.
deeglaze Feb 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions draft-ietf-rats-corim.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,8 @@ For more detail, see {{sec-corim-profile-types}}.
A CoRIM can be signed ({{sec-corim-signed}}) using COSE Sign1 to provide end-to-end security to the CoRIM contents.
When CoRIM is signed, the protected header carries further identifying information about the CoRIM signer.
Alternatively, CoRIM can be encoded as a #6.501 CBOR-tagged payload ({{sec-corim-map}}) and transported over a secure channel.
If a CoRIM is contained within a larger signed document or message, there MUST be a single signer assigned to the scope of the CoRIM as part of the document's specification or protocol conveying the message, respectively.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would phrase the statement something like this.

`A CoRIM can be used without signature protection (please see unsigned-corim-map),

For example, an application may use TLS to transmit an unsigned CORIM and specify that the signer
is the public key in the Certificate Message.

Alternatively an unsigned CoRIM can be a part of a RATS Message which itself is signed (example a signed CMW).
In such cases the authority of CoRIM is delegated to the signer encapsulating the CoRIM.`

For example, an application may use TLS to transmit an unsigned CoRIM and specify that the signer is the public key in the Hello message.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth adding CMW as another example.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't want to make a circular citation since CMW references CoRIM.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem with that. These are "weak" links since the references are both informative.


The following CDDL describes the top-level CoRIM.

Expand Down