Merge pull request #30 from ietf-scitt/legenda
Move detailed diagrams up a level
thomas-fossati authored Sep 10, 2024
2 parents 591f55d + ecd0748 commit 3cdeeaa
Showing 4 changed files with 76 additions and 44 deletions.
26 changes: 26 additions & 0 deletions ascii-art/ctt-alt.ascii-art
@@ -0,0 +1,26 @@
.--------. .-----.
| Signer | | TSA |
+--------+----------------------------------. +-----+-------------.
| .-------------. .-----------. .-------. | | .-------------. |
| / private-key / | protected | | datum | | | / private-key / |
| '-----+-------' '---+-------' '---+---' | | '------+------' |
| | | | | | | |
| +---------------+------------' | | | |
| | | | .+. |
| v .---------. | | | L | Clock |
| .---------. .----. | message | | | '+' |
| | Sign1 +->+ hash +->+ Imprint +-------->| | |
| '-+-------' '----' '---------' | | v |
| | .-------. | | .---------. |
| | | nonce +--------->| | timestamp | |
| | '-------' | | '---------' |
'----|--------------------------------------' '---------+---------'
| .-------------. |
+-------------+-----------+ | unprotected | |
| | | | .-----. | |
[protected] [payload] [signature] | | TST |<-----'
| | | | '-----' |
| v v '------+------'
| .-------+------------+-----. |
'--->+ rfc3161-ctt COSE +<-----'
'--------------------------'
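Review bot: In the row `| | Sign1 +->+ hash +->+ Imprint +-------->|` the hash input is drawn from the Sign1 operation box as a whole, while the draft text requires the message imprint to be the hash of the signature field; the `[signature]` label only appears further down, on the branch leaving the Signer box. Consider feeding `hash` from `[signature]`, or labelling the Sign1 output, so the figure cannot be read as hashing the entire COSE_Sign1 structure. The bottom box is also labelled `rfc3161-ctt COSE` where the text names the header parameter `3161-ctt`; one spelling should be used in both places.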
8 changes: 8 additions & 0 deletions ascii-art/legenda.ascii-art
@@ -0,0 +1,8 @@
.---------.
| Legenda |
.-----------------------------------------------------------+---------+
| data key operation label clock |
| .------. .-----. .---------. .-. |
| | | / / | | [ ] | L | |
| '------' '-----' '---------' '-' |
'---------------------------------------------------------------------'
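Review bot: This file is added, but none of the visible hunks in draft-birkholz-cose-tsa-tst-header-parameter.md adds an `{::include ascii-art/legenda.ascii-art}`, so the `[ ]` label and `L` clock symbols used in the two new figures are never explained to the reader. Include it once before the first figure, or drop the file. The box title `Legenda` should probably read `Legend` in an English-language draft.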
27 changes: 27 additions & 0 deletions ascii-art/ttc-alt.ascii-art
@@ -0,0 +1,27 @@
.--------. .-----.
| Signer | | TSA |
+--------+----------------------------------. +-----+-------------.
| .-------------. .-------. | | .-------------. |
| / private-key / | nonce +-------->+ / private-key / |
| '-+-----------' '-------' | | '------+------' |
| | .---------. | | | |
| | .-------. .----. | message | | | | |
| | + datum +->+ hash +->+ Imprint +------->+ .+. |
| | '-+-----' '----' '---------' | | | L | Clock |
| | | | | '+' |
| | | .-------------. | | | |
| v v | protected | | | v |
| .-------. | .-----. | | | .---------. |
| | Sign1 +<-----------+ | TST |<----------+ | timestamp | |
| '-+-----' | '-----' | | | '---------' |
| | '-------------' | | |
'----|--------------------------------------' '-------------------'
| .-------------.
+-------------+-----------+ | unprotected |
| | | | .-----. |
[protected] [payload] [signature] | | ... | |
| | | | '-----' |
| v v '------+------'
| .-------+------------+-----. |
'--->+ rfc3161-ttc COSE +<-----'
'--------------------------'
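Review bot: The `unprotected` box at the lower right contains only `| ... |`, and the legend has no entry for it, so a reader cannot tell whether it stands for optional other header parameters or for something the mode requires. A short label in the box, or one sentence in the accompanying prose saying it means any other unprotected header parameters, would remove the guess. This matters here because the point of the figure is that the TST sits in the protected bucket in this mode.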
59 changes: 15 additions & 44 deletions draft-birkholz-cose-tsa-tst-header-parameter.md
Expand Up @@ -30,6 +30,10 @@ author:
contributor:
- name: Carsten Bormann
email: [email protected]
contribution: Carsten contributed part of the security considerations.
- name: Orie Steele
email: [email protected]
contribution: Orie contributed an improved version of the diagrams.

normative:
STD70:
Expand Down Expand Up @@ -87,6 +91,10 @@ This usage scenario motivates the "COSE then Timestamp" mode described in {{sec-

There are two different modes of composing COSE protection and timestamping, motivated by the usage scenarios discussed above.

The diagrams in this section illustrate the processing flow of the specified modes.
For simplicity, only the `COSE_Sign1` processing is shown.
Similar diagrams for `COSE_Sign` can be derived by allowing multiple `private-key` boxes and replacing the label `[signature]` with `[signatures]`.

## Timestamp then COSE (TTC) {#sec-timestamp-then-cose}

{{fig-timestamp-then-cose}} shows the case where a datum is first digested and submitted to a TSA to be timestamped.
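Review bot: In the sentence on deriving the `COSE_Sign` diagrams, `private-key` is ambiguous, because both the Signer and the TSA boxes in the new figures contain a `private-key` element; say "multiple Signer `private-key` boxes". The paragraph also introduces "the diagrams in this section" without pointing to an explanation of the `[ ]` and `L` symbols those diagrams rely on.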
Expand All @@ -98,21 +106,13 @@ A signed COSE message is then built as follows:
* The obtained timestamp token is added to the protected headers,
* The original datum becomes the payload of the signed COSE message.

The message imprint sent to the TSA ({{Section 2.4 of -TSA}}) MUST be the hash of the payload field of the COSE signed object.

~~~ aasvg
.---------. .---------------. .----------------------.
| payload +------------->| Sig_structure +---->| COSE_Sign/COSE_Sign1 |
'----+----' '---------------' '----------------------'
| ^
| .---. |
| | | .-----. |
'--->| TSA +---->| TST +---'
| | '-----'
'---'
{::include ascii-art/ttc-alt.ascii-art}
~~~
{: #fig-timestamp-then-cose artwork-align="center"
title="Timestamp, then COSE (TTC)"}

The message imprint sent to the TSA ({{Section 2.4 of -TSA}}) MUST be the hash of the payload field of the COSE signed object.
title="Timestamp, then COSE (TCC)"}

## COSE then Timestamp (CTT) {#sec-cose-then-timestamp}

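Review bot: The sentence "MUST be the hash of the payload field of the COSE signed object", as placed after the figure, does not cover a detached payload, where the payload field is nil (RFC 9052); state whether the imprint is then computed over the detached content or whether this mode requires an attached payload. It would also help to say whether the hash covers the bstr content or its CBOR encoding, since a verifier has to recompute exactly the same bytes to check the token.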
Expand All @@ -122,19 +122,7 @@ The obtained timestamp token is then added back as an unprotected header into th
This mode is utilized when a record of the timing of the signature operation is desired.

~~~ aasvg
.----------------------. .-----.
| COSE_Sign/COSE_Sign1 |<--------+ TST |
'----+-----------------' '-----'
| ^
v |
.----------------------. |
| signatures/signature | |
'----+-----------------' |
| .---. |
| | | |
'------------------->| TSA +---'
| |
'---'
{::include ascii-art/ctt-alt.ascii-art}
~~~
{: #fig-cose-then-timestamp artwork-align="center"
title="COSE, then Timestamp (CTT)"}
Expand All @@ -160,8 +148,8 @@ The `3161-ctt` COSE _unprotected_ header parameter MUST be used for the mode des

The message imprint sent in the request to the TSA MUST be either:

* the hash of the signature field of the COSE_Sign1 message.
* the hash of the signatures field of the COSE_Sign message.
* the hash of the signature field of the `COSE_Sign1` message.
* the hash of the signatures field of the `COSE_Sign` message.

In either case, to minimize dependencies, the hash algorithm SHOULD be the same as the algorithm used for signing the COSE message.
This may not be possible if the timestamp token has been obtained outside the processing context in which the COSE object is assembled.
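Review bot: The two bullets under "MUST be either:" leave the hashed bytes underspecified: `signature` in `COSE_Sign1` is a bstr and `signatures` in `COSE_Sign` is an array of COSE_Signature structures, so the text should say whether the imprint is taken over the bstr content or over the CBOR encoding of the field. Implementations that pick different inputs will fail to verify each other's tokens. Minor style point: the first bullet should end with ", or" rather than a full stop.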
Expand Down Expand Up @@ -209,23 +197,6 @@ IANA is requested to add the COSE header parameters defined in {{tbl-new-hdrs}}

--- back

# Diagrams

The diagrams in this appendix illustrate the processing flow of the modes specified in {{sec-timestamp-then-cose}} and {{sec-cose-then-timestamp}} respectively.

For simplicity, only the `COSE_Sign1` processing is shown.
Similar diagrams for `COSE_Sign` can be derived by allowing multiple `SK_cose` boxes and replacing the label `[signature]` with `[signatures]`.

~~~ aasvg
{::include ascii-art/ttc.ascii-art}
~~~
{: #fig-ttc artwork-align="left" title="Timestamp then COSE"}

~~~ aasvg
{::include ascii-art/ctt.ascii-art}
~~~
{: #fig-ctt artwork-align="left" title="COSE then Timestamp"}

# Acknowledgments
{:unnumbered}

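Review bot: `ascii-art/ttc.ascii-art` and `ascii-art/ctt.ascii-art` are left orphaned by the removal of the Diagrams appendix: the commit lists four changed files (three new ascii-art files plus this one), so the two old files stay in the tree with no include. Delete them in the same change, or rename the `-alt` files over them. The `#fig-ttc` and `#fig-ctt` anchors also disappear, so any remaining `{{fig-ttc}}` or `{{fig-ctt}}` reference elsewhere in the draft would no longer resolve.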