Merge pull request #53 from ietf-rats-wg/authorized-by+thumbprint

allow key thumbprints as authorized-by
ietf-rats-wg · Feb 28, 2023 · 5d27892 · 5d27892
2 parents 51e3332 + 56c0339
commit 5d27892
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -14,7 +14,12 @@ report.xml
 *.swp
 .tags
 /.targets.mk
-*.txt
+draft-*.txt
 *.upload
 /versioned/
 /.vscode/
+!cddl/cbor-tags.txt
+*.cbor
+*.pretty
+cddl/concise-swid-tag.cddl
+cddl/*-autogen.cddl
diff --git a/cddl/cbor-tags.txt b/cddl/cbor-tags.txt
@@ -11,4 +11,5 @@ tagged-min-svn = #6.553(min-svn)
 tagged-pkix-base64-key-type = #6.554(tstr)
 tagged-pkix-base64-cert-type = #6.555(tstr)
 tagged-pkix-base64-cert-path-type = #6.556(tstr)
+tagged-thumbprint-type = #6.557(digest)
 $raw-value-type-choice /= #6.560(bytes)
diff --git a/cddl/crypto-key-type-choice.cddl b/cddl/crypto-key-type-choice.cddl
@@ -1,7 +1,9 @@
 $crypto-key-type-choice /= tagged-pkix-base64-key-type
 $crypto-key-type-choice /= tagged-pkix-base64-cert-type
 $crypto-key-type-choice /= tagged-pkix-base64-cert-path-type
+$crypto-key-type-choice /= tagged-thumbprint-type
 
 tagged-pkix-base64-key-type = #6.554(tstr)
 tagged-pkix-base64-cert-type = #6.555(tstr)
 tagged-pkix-base64-cert-path-type = #6.556(tstr)
+tagged-thumbprint-type = #6.557(digest)
diff --git a/draft-ietf-rats-corim.md b/draft-ietf-rats-corim.md
@@ -893,6 +893,11 @@ A cryptographic key can be one of the following formats:
   certificates MUST be concatenated in order so that each directly certifies
   the one preceding.
 
+A fourth format is used to represent thumbprints of raw keys or certificated
+keys:
+
+* `tagged-thumbprint-type`: hash of a certificate or raw public key.
+
 ~~~ cddl
 {:include cddl/crypto-key-type-choice.cddl}
 ~~~