-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework ECT comparison section to match new internal representation #289
base: main
Are you sure you want to change the base?
Conversation
Co-authored-by: Dionna Amalie Glaze <dionnaglaze@google.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See multiple comments
draft-ietf-rats-corim.md
Outdated
|
||
Note: CBOR tags are useful for discriminating values amongst alternates, but the comparison of tagged values is still determined by the codepoint they appear under. It is recommended but not required to compare values with a specific CBOR tag the same way across codepoints. For this reason, it is recommended to specify a default comparison algorithm with the CBOR tag's registration. | ||
If the codepoint key is negative then the Verifier MAY use a comparison algorithm defined by the appropriate CoRIM profile to compare the claims. | ||
The codepoint number, the profile associated with the condition ECT, and the tag value (if present) shall be used to select the algorithm. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The "select" wording does not resonate with me. We are documenting the algorithms here. Can't we just write a section for each code point and describe the comparison algorithm?
Co-authored-by: Ned Smith <ned.smith@intel.com>
A Verifier MAY treat two keys as equal if they have different formats but represent the same key. | ||
For example, a Verifier may contain code to compare a key fingerprint against the key which, when hashed, creates that fingerprint. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A Verifier MAY treat two keys as equal if they have different formats but represent the same key. | |
For example, a Verifier may contain code to compare a key fingerprint against the key which, when hashed, creates that fingerprint. |
This kind of optional behavior could result in different verifiers arriving at a different result given the same inputs.
It is safer if the Verifier simply compared the "keys" (aka authority values) as opaque values rather than try to do format translation to a universal form.
This is the first edit to section 8.9 - it aligns the terminology with the change to ECT internal representation
It also defines the comparison rules for raw-value (codepoint 4 and 5).