From 53fbe33921297ff57e0e2628eaea65e98de9104b Mon Sep 17 00:00:00 2001 From: Carsten Bormann Date: Mon, 22 Feb 2021 10:18:36 +0100 Subject: [PATCH 1/3] Inconsistencies, markdown usage --- concise-swid-tag.cddl | 6 +++--- draft-ietf-sacm-coswid.md | 28 ++++++++++++---------------- 2 files changed, 15 insertions(+), 19 deletions(-) diff --git a/concise-swid-tag.cddl b/concise-swid-tag.cddl index 023cb24..9eb3c17 100644 --- a/concise-swid-tag.cddl +++ b/concise-swid-tag.cddl @@ -38,7 +38,7 @@ global-attributes = ( * any-attribute, ) -hash-entry = [ +hash-entry = [ hash-alg-id: int, hash-value: bytes, ] @@ -68,7 +68,7 @@ link-entry = { rel => $rel, ? media-type => text, ? use => $use, - * $$link-extension + * $$link-extension, global-attributes, } @@ -172,7 +172,7 @@ evidence-entry = { resource-collection, ? date => integer-time, ? device-id => text, - * $$evidence-extension, + * $$evidence-extension, global-attributes, } diff --git a/draft-ietf-sacm-coswid.md b/draft-ietf-sacm-coswid.md index 8d84539..3424bf4 100644 --- a/draft-ietf-sacm-coswid.md +++ b/draft-ietf-sacm-coswid.md @@ -54,7 +54,6 @@ author: normative: BCP26: RFC8126 BCP178: RFC6648 - RFC2119: RFC3629: RFC3986: RFC5198: @@ -368,8 +367,8 @@ concise-swid-tag = { global-attributes, } -payload-or-evidence //= ( payload => payload-entry ] ) -payload-or-evidence //= ( payload => [ 2* payload-entry ) +payload-or-evidence //= ( payload => payload-entry ) +payload-or-evidence //= ( payload => [ 2* payload-entry ] ) payload-or-evidence //= ( evidence => evidence-entry ) payload-or-evidence //= ( evidence => [ 2* evidence-entry ] ) @@ -475,7 +474,7 @@ The CDDL for the global-attributes follows: ~~~ CDDL global-attributes = ( - ? lang, + ? lang => text, * any-attribute, ) 
@@ -770,21 +769,22 @@ filesystem-item = ( ? location => text, fs-name => text, ? root => text, - global-attributes, ) file-entry = { filesystem-item, - ? size => integer, + ? size => uint, ? file-version => text, ? hash => hash-entry, * $$file-extension, + global-attributes, } directory-entry = { filesystem-item, - path-elements => { path-elements-group }, + ? path-elements => { path-elements-group }, * $$directory-extension, + global-attributes, } process-entry = { @@ -889,7 +889,7 @@ The CDDL for the evidence-entry map follows: ~~~ CDDL evidence-entry = { resource-collection, - ? date => time, + ? date => integer-time, ? device-id => text, * $$evidence-extension, global-attributes, @@ -919,10 +919,9 @@ In order to create a valid CoSWID document the structure of the corresponding CB adhere to the following CDDL specification. ~~~ CDDL - {::include concise-swid-tag.cddl} - ~~~ +{: markers="true"} {: #semantics-tag-type} # Determining the Type of CoSWID 
@@ -1520,18 +1519,16 @@ The ISO-19770-2:2015 XML schema uses XML DSIG to support cryptographic signature Signing CoSWID tags follows the procedues defined in CBOR Object Signing and Encryption {{RFC8152}}. A CoSWID tg MUST be wrapped in a COSE Single Signer Data Object (COSE_Sign1) that contains a single signature and MUST be signed by the tag creator. The following CDDL specification defines a restrictive subset of COSE header parameters that MUST be used in the protected header. ~~~~ CDDL - {::include signed-coswid.cddl} - ~~~~ +{: markers="true"} The COSE_Sign structure that allows for more than one signature to be applied to a CoSWID tag MAY be used. The corresponding usage scenarios are domain-specific and require well-specified application guidance. ~~~~ CDDL - {::include signed-coswid_sign.cddl} - ~~~~ +{: markers="true"} Additionally, the COSE Header counter signature MAY be used as an attribute in the unprotected header map of the COSE envelope of a CoSWID. The application of counter signing enables second parties to provide a signature on a signature allowing for a proof that a signature existed at a given time (i.e., a timestamp). @@ -1782,10 +1779,9 @@ require a different signature scheme than this. COSE (CBOR Object Signing and En of header attributes allowed by COSE tailored to suit the requirements of Concise SWID tags. ~~~~ CDDL - {::include signed-coswid.cddl} - ~~~~ +{: markers="true"} Optionally, the COSE_Sign structure that allows for more than one signature to be applied to a CoSWID tag MAY be used. The corresponding usage scenarios are domain-specific and require well-defined application guidance. Representation of the corresponding guidance is out-of-scope of this document. From 470dff3ebb66d5eab5dcd241f1e1d155eb1f577c Mon Sep 17 00:00:00 2001 From: Carsten Bormann Date: Mon, 22 Feb 2021 10:23:33 +0100 Subject: [PATCH 2/3] Add scriptlet --- check-cddl.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 check-cddl.sh 
diff --git a/check-cddl.sh b/check-cddl.sh new file mode 100644 index 0000000..b494567 --- /dev/null +++ b/check-cddl.sh @@ -0,0 +1,3 @@ +kdrfc -3 draft-ietf-sacm-coswid.md +LANG=C xpath draft-ietf-sacm-coswid.xml "//sourcecode[@type='CDDL']/text()" >.extracted.cddl +cddl .extracted.cddl g From 51f358dc0e65ee32f4833977241b37765c2a2f70 Mon Sep 17 00:00:00 2001 From: Henk Birkholz Date: Mon, 22 Feb 2021 10:26:30 +0100 Subject: [PATCH 3/3] Update draft-ietf-sacm-coswid.md --- draft-ietf-sacm-coswid.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/draft-ietf-sacm-coswid.md b/draft-ietf-sacm-coswid.md index 3424bf4..ed0d9ff 100644 --- a/draft-ietf-sacm-coswid.md +++ b/draft-ietf-sacm-coswid.md @@ -368,9 +368,7 @@ concise-swid-tag = { } payload-or-evidence //= ( payload => payload-entry ) -payload-or-evidence //= ( payload => [ 2* payload-entry ] ) payload-or-evidence //= ( evidence => evidence-entry ) -payload-or-evidence //= ( evidence => [ 2* evidence-entry ] ) tag-id = 0 software-name = 1
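Review bot: The comma added after `* $$link-extension` in the link-entry hunk (@@ -68 of concise-swid-tag.cddl, patch 1) is a real grammar fix, since without it the extension socket and the following `global-attributes,` entry are not separated and the map does not parse; the hash-entry and evidence-entry hunks in the same file only strip trailing whitespace. Mention the comma fix in the commit message so it is not read as whitespace cleanup.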
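Review bot: Dropping `RFC2119:` from the normative references (@@ -54 of draft-ietf-sacm-coswid.md, patch 1) is only safe if no `{{RFC2119}}` citation remains elsewhere in the draft, because kramdown-rfc stops on an unresolved reference. Confirm the BCP 14 boilerplate is emitted via `{::boilerplate bcp14}`, which supplies the RFC 2119 and RFC 8174 references on its own, before relying on the removal.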
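Review bot: The bracket swap in the payload-or-evidence hunk (@@ -368 of patch 1) corrects a mismatched `]`/`[` pair that left both `payload` alternatives unparsable, so this is a grammar bug rather than an inconsistency and should be named as such in the commit message. Note that patch 3 of this series then deletes the `[ 2* ... ]` alternatives outright, so only the single-entry forms keep this fix.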
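Review bot: `? lang,` in the global-attributes hunk (@@ -475 of patch 1) is an optional group reference to a rule named `lang`, not a map member with a key, so `? lang => text` is the correct form. Check that the `lang` key and its integer index are defined identically in concise-swid-tag.cddl, since this inline fragment and the included file are separate copies of the same rule.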
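Review bot: Moving `global-attributes,` out of the filesystem-item group and into file-entry and directory-entry (@@ -770 of patch 1) affects every other map that embeds filesystem-item, and the hunk ends exactly where `process-entry = {` begins, so the reviewer cannot see whether any such map lost its attributes; show the remaining context or state that no other user exists. Two semantic changes ride along as well: `size` narrows from `integer` to `uint`, which is right for a file size but should be stated in the message, and `path-elements` becomes optional, which relaxes directory-entry and needs its own justification.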
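Review bot: The `time` to `integer-time` change (@@ -889 of patch 1) brings the draft's inline evidence-entry back in line with concise-swid-tag.cddl, whose @@ -172 context in this same series already shows `? date => integer-time`; the drift between the two copies is the underlying problem. Since the draft already pulls the whole grammar in with `{::include concise-swid-tag.cddl}` (@@ -919), consider generating the inline fragments from that file, or at least having check-cddl.sh diff the fragments against it.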
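Review bot: Moving each `{::include ...}` flush with its fence and appending `{: markers="true"}` (@@ -919, @@ -1520 and @@ -1782 of patch 1) is applied consistently to all four sourcecode blocks; `markers="true"` makes the rendered output wrap each block in `<CODE BEGINS>`/`<CODE ENDS>`, which is clearly intended for the full CDDL but is worth confirming for the two signed-coswid fragments that are included twice. While in this region, the untouched context at @@ -1520 still reads `procedues` and `tg` (for `procedures` and `tag`), which a commit titled "Inconsistencies" could pick up.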
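Review bot: check-cddl.sh (patch 2) has no shebang and no `set -e`, and is created with mode 100644, so a failing `kdrfc` run leaves the previous draft-ietf-sacm-coswid.xml in place and the xpath and cddl steps validate stale grammar; add `#!/bin/sh` and `set -e` as the first two lines and `chmod +x` the file. Also note that `cddl .extracted.cddl g` generates a sample instance rather than only parsing, which does exercise the grammar but is not what "check" suggests, and that `.extracted.cddl` concatenates every `sourcecode[@type='CDDL']` block, so the inline fragments and the included full grammar are validated as one file and any rule defined in both may collide.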
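Review bot: Deleting the two `[ 2* ... ]` alternatives (@@ -368 of patch 3) is a data-model change, not an editorial one: afterwards a tag carries exactly one payload-entry or one evidence-entry, and the array forms that patch 1 had just repaired are gone. The subject line "Update draft-ietf-sacm-coswid.md" gives no rationale; state why multiple entries are no longer allowed, and make the same removal in concise-swid-tag.cddl if the rule is defined there too, since that file is the one included as the full grammar at @@ -919.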