-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signature field clarification in attestation statement #805
Conversation
This specifies the signature format for the packed attestation, which is good, but that would leave the assertion signature format still under-specified. (The assertion signature was what I was testing with Chrome and Firefox since I do not have any tokens that speak CTAP2 and thus could have a packed attestation.) |
Moved that information is individual section in the same vicinity of both assertion signature and attestation statements signature. |
index.bs
Outdated
@@ -2789,6 +2789,50 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats ### {#signature-attestation-types} | |||
- For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The r
and s
values might not be 32 bytes long in this encoding, and I think the reference for the encoding is RFC 3278 section 3.3.2. So I've say something like:
For {{COSEAlgorithmIdentifier}} -7 (ES256), and other ECDSA-based algorithms, a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value
, as defined in [[RFC3279]] section 3.3.1.
(Then drop the added reference to X9.62.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
index.bs
Outdated
|
||
``` | ||
Example: | ||
30 44 ; SEQUENCE (44 Bytes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The lengths in the comments here are in hex (i.e. "44 Bytes" is 0x44 bytes). But typically such numbers are in base 10.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah.. Yeah, I was using my certutil tool. Will fix it.
index.bs
Outdated
Example: | ||
30 44 ; SEQUENCE (44 Bytes) | ||
02 20 ; INTEGER (20 Bytes) | ||
| 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(There are |
symbols at the start of these two lines, but not below.)
index.bs
Outdated
09 24 2c 13 0b af 30 16 a5 0f 75 ef 99 5f 9b f7 | ||
ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 | ||
``` | ||
- For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/RS256/PS256/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oops. thanks.
index.bs
Outdated
RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. | ||
``` | ||
Example: | ||
87 38 c6 f7 7d 53 3a 7e 73 27 2e 4b 9d 45 c7 19 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This example is just 2,048 random bits, right? Dunno how helpful that is :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah.. Not helpful. Lets remove that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is close but still ambiguous in some important ways. Please apply the corrections suggested in the line-by-line comments.
index.bs
Outdated
@@ -2789,6 +2789,50 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats ### {#signature-attestation-types} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make this title more specific clearly restrict its scope to only the kinds of signatures that it applies to. Right now it reads like it applies to all signatures.
For instance, the new title could be "Signature Formats for Packed Attestations and Assertion Signatures" (if that's the correct scoping).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to added FIDO-U2F attestation format also.
index.bs
Outdated
ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. | ||
|
||
Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 | ||
devices will also produce signatures in same format for consistency. Otherwise, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change "in same format for consistency" to "in same format, for consistency reasons"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
index.bs
Outdated
|
||
Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 | ||
devices will also produce signatures in same format for consistency. Otherwise, | ||
newer attestation formats MUST use COSE_KEY signature formats as defined in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change "newer attestation formats MUST use COSE_KEY signature formats" to "it is recommended that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent fixed-length byte arrays without internal structure, using the same representations as used by COSE signatures"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed
index.bs
Outdated
Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 | ||
devices will also produce signatures in same format for consistency. Otherwise, | ||
newer attestation formats MUST use COSE_KEY signature formats as defined in | ||
[[IANA-COSE-ALGS-REG]]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change [[IANA-COSE-ALGS-REG]] to [[!RFC8152]].
index.bs
Outdated
17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 | ||
``` | ||
- For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the | ||
RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a section number reference within RFC 8017 and say that you're including (or not including) the ASN.1 wrapper for the signature. Just saying RFC 8017 is ambiguous, because it defines both the raw signature bytes and an ASN.1 wrapper for those bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Referencing the section is a good idea in any case, but I don't believe that there is an ASN.1-based format for an RSA signature.)
index.bs
Outdated
ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 | ||
``` | ||
- For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the | ||
RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a section number reference within RFC 8017 and say that you're including (or not including) the ASN.1 wrapper for the signature. Just saying RFC 8017 is ambiguous, because it defines both the raw signature bytes and an ASN.1 wrapper for those bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please apply the four punctuation corrections below before merging.
index.bs
Outdated
@@ -2789,6 +2789,31 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats for Packed Attestation, FIDO U2F Attestation and Assertion Signatures ### {#signature-attestation-types} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put a comma after "FIDO U2F Attestation"
index.bs
Outdated
devices will also produce signatures in same format, for consistency reasons. | ||
It is recommended that any new attestation formats defined not use ASN.1 encodings, | ||
but instead represent signatures as equivalent fixed-length byte arrays without internal structure, | ||
using the same representations as used by COSE signatures as defined in [[!RFC8152]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're missing a period at the end of this sentence.
index.bs
Outdated
| 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 | ||
``` | ||
- For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the | ||
RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA256 as the hash function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change SHA256 to SHA-256.
index.bs
Outdated
- For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the | ||
RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA256 as the hash function. | ||
- For COSEAlgorithmIdentifier -37 (PS256), `sig` contains the signature generated using the | ||
RSASSA-PSS signature scheme defined in section 8.1.1 in [[RFC8017]] with SHA256 as the hash function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change SHA256 to SHA-256.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems nominally ok though could use some further polishing as noted below.
index.bs
Outdated
@@ -2789,6 +2789,31 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ### {#signature-attestation-types} | |||
- For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, | |||
a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT there is no "section 3.3.1" in RFC3279. Is the section you actually want to ref https://tools.ietf.org/html/rfc3279#section-2.2.3 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh Yes. I mistakenly blindly copied.
index.bs
Outdated
@@ -2789,6 +2789,31 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ### {#signature-attestation-types} | |||
- For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, | |||
a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggest:
s/ a signature is / a signature value is /
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
index.bs
Outdated
a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. | ||
|
||
Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 | ||
devices will also produce signatures in same format, for consistency reasons. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggest:
s/ signatures / signature values / in both places above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
index.bs
Outdated
devices will also produce signatures in same format, for consistency reasons. | ||
It is recommended that any new attestation formats defined not use ASN.1 encodings, | ||
but instead represent signatures as equivalent fixed-length byte arrays without internal structure, | ||
using the same representations as used by COSE signatures as defined in [[!RFC8152]]. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
suggest:
s/ [[!RFC8152]] / [[!RFC8152]] and [[!RFC8230]] /
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
index.bs
Outdated
but instead represent signatures as equivalent fixed-length byte arrays without internal structure, | ||
using the same representations as used by COSE signatures as defined in [[!RFC8152]]. | ||
|
||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it appears that the below example is ASN.1-wrapped. If so, I would move it up above the Note: (presently above), because having it down here is confusing -- i was expecting a "raw" fixed-length example to go with the Note.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved.
@@ -4963,5 +4988,15 @@ for their contributions as our W3C Team Contacts. | |||
"href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", | |||
"date": "May 15, 2007" | |||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
need a comma here to get spec to build properly
index.bs
Outdated
"ANSI.X9-62.2005": { | ||
"title": "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005", | ||
"date": "November 2005" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
need a comma here to get spec to build properly
@@ -4963,5 +4988,15 @@ for their contributions as our W3C Team Contacts. | |||
"href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", | |||
"date": "May 15, 2007" | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
neither of the below references are cited in the above prose re "COSEAlgorithmIdentifier -7 (ES256)", so am wondering why they are here? Yes, tokbind-protocol cites them, but we are instead citing [[RFC3279]] which seems to obviate citing the former two refs.
seems like we can either cite [[RFC3279]] or do it like tokbind and cite the below. I suppose either works for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing.
@@ -2789,6 +2789,31 @@ the [=authenticator=] MUST: | |||
attStmtTemplate .within $$attStmtType | |||
``` | |||
|
|||
### Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ### {#signature-attestation-types} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would more clearly explain that with respect to [=assertion signatures=] that this is for assertions produced using the three listed signature algorithms.
what about any of the other COSE sig algorithms ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They will refer to COSE document.
index.bs
Outdated
| 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 | ||
| 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 | ||
``` | ||
- For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT the sig values produced by [[RFC8017]] sections 8.1.1 and 8.2.1 are not ASN.1-wrapped. If that is correct, would a Note: to that effect be helpful to readers here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure.
Fixes #799 |
index.bs
Outdated
@@ -4968,6 +4997,7 @@ for their contributions as our W3C Team Contacts. | |||
"title": "EduPerson Object Class Specification (200604a)", | |||
"href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", | |||
"date": "May 15, 2007" | |||
} | |||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete the common from this line so that it becomes legal JSON.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to go once the one missing "the" is added.
index.bs
Outdated
``` | ||
|
||
Note: As CTAP1/U2F devices are already producing signatures values in this format, CTAP2 | ||
devices will also produce signatures values in same format, for consistency reasons. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change "same format" to "the same format"
* Sig Clarification * Sig Clarification 2 * Clarify that ECDSA is ASN.1 DER format * Exception for ECDSA for consistency * Put Signature formats in its own section * typo * Incorporating comments * Incorporating comments-2 * Incorporating comments-3 * Incorporating comments-4 * Json comma issue * Incorporating comments - 6
Fixes #799
Preview | Diff