
Support COSE Hash Envelope for Blob COSE signature #1226

@yizha1

Description

Is your feature request related to a problem?

The current Blob COSE signature uses a JSON format payload, which requires an additional JSON decoder to process the signature payload. This approach is not optimal, especially for low-power devices, as it reduces efficiency and undermines the goal of using COSE signatures.

An ongoing IETF proposal describes enhancements to COSE detached signatures. You can find the proposal here: COSE Hash Envelope Draft. Once the IETF proposal is approved, the Notary Project will no longer align with the industry standard, resulting in potential interoperability and compatibility challenges.

What solution do you propose?

In the IETF proposal, new parameters such as media type and hash algorithm are added to the protected header. The payload parameter contains the hash value of the blob content. Below is a table showing how the parameters and headers in the COSE Hash Envelope can represent the parameters defined in the Notary Project Blob signature payload:

| Notary Project Blob signature payload parameter | COSE Hash Envelope |
| --- | --- |
| mediatype | protected.media_type |
| digest | payload and protected.hash_alg |
| size | NA |
| annotations | NA |

The COSE Hash Envelope does not include a size parameter. While it is theoretically possible for different content sizes to produce the same hash value, this is extremely unlikely with modern cryptographic hash functions like SHA-256, which are designed to make collisions highly improbable. So it is acceptable without a size parameter.

Regarding the annotations field, it is optional, and the scenarios for blobs to use these annotations are unclear. If needed in the future, a Notary-specific CoseHeaderValue can be registered with the IETF to store additional Notary-specific information.

This issue proposes that the Notary Project Blob COSE signature adopt the COSE Hash Envelope as the default signature format. The benefits include:

  • IETF Standard: Ensures interoperability and compatibility.
  • Optimized for COSE: Removes the use of JSON payloads, making it more efficient, especially for low-power device scenarios.

Since the IETF proposal is still in draft form, an alpha/beta version of both specifications and implementations can be released initially. Once the IETF draft is approved, the implementation can be stabilized.

What alternatives have you considered?

No

Any additional context?

No response
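To make the proposed mapping concrete, here is an added Python sketch that is not part of this issue and not code from the Notary Project or notation. It builds the protected header and payload of a COSE Hash Envelope for a blob (media type and hash algorithm in the protected header, the raw digest bytes as the payload, no JSON), produces the RFC 9052 `Sig_structure` bytes that a COSE_Sign1 signer would sign, and shows the verifier-side check that compares the blob against the enveloped digest. The header labels `258` (payload hash algorithm) and `259` (preimage content type) are assumed from the COSE Hash Envelope draft and should be confirmed against the current draft text; `1` (`alg`), `-7` (ES256) and `-16`/`-43`/`-44` (SHA-256/384/512) come from the COSE registries. The CBOR encoder is a minimal one written for this example, and the blob contents are constructed sample data.

```python
import hashlib
import hmac
import struct

# Header labels assumed from the COSE Hash Envelope draft; confirm against the current draft.
PAYLOAD_HASH_ALG = 258        # assumed: hash algorithm used to produce the payload
PREIMAGE_CONTENT_TYPE = 259   # assumed: media type of the blob that was hashed
COSE_ALG = 1                  # RFC 9052 "alg" header label
ES256 = -7                    # COSE algorithm id for ECDSA w/ SHA-256
# COSE algorithm ids for plain hash functions -> (hashlib name, digest length in bytes)
HASH_ALGS = {-16: ("sha256", 32), -43: ("sha384", 48), -44: ("sha512", 64)}


def _head(major: int, n: int) -> bytes:
    """CBOR initial byte(s) for a major type and unsigned argument."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < (1 << (8 * struct.calcsize(fmt))):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")


def cbor_encode(v) -> bytes:
    """Minimal deterministic CBOR encoder (ints, bytes, text, arrays, maps) for this example."""
    if isinstance(v, bool):
        raise TypeError("booleans are not needed for a COSE protected header here")
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode("utf-8")
        return _head(3, len(b)) + b
    if isinstance(v, (list, tuple)):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        # RFC 8949 core deterministic ordering: shorter encoded key first, then bytewise.
        items = sorted(((cbor_encode(k), cbor_encode(x)) for k, x in v.items()),
                       key=lambda kv: (len(kv[0]), kv[0]))
        return _head(5, len(items)) + b"".join(k + x for k, x in items)
    raise TypeError(f"unsupported type {type(v).__name__}")


def hash_envelope(blob: bytes, media_type: str, hash_alg: int = -16, sig_alg: int = ES256):
    """Return (protected header map, payload) for a COSE Hash Envelope over `blob`.

    The payload is the raw digest bytes, so no JSON decoder is needed to interpret it.
    """
    name, _ = HASH_ALGS[hash_alg]
    protected = {COSE_ALG: sig_alg, PAYLOAD_HASH_ALG: hash_alg, PREIMAGE_CONTENT_TYPE: media_type}
    return protected, hashlib.new(name, blob).digest()


def sig_structure(protected: dict, payload: bytes, external_aad: bytes = b"") -> bytes:
    """RFC 9052 Sig_structure for COSE_Sign1: the bytes a signer actually signs."""
    return cbor_encode(["Signature1", cbor_encode(protected), external_aad, payload])


def verify_blob_against_envelope(protected: dict, payload: bytes, blob: bytes) -> bool:
    """Verifier-side check run after the COSE signature itself has been validated.

    Fails closed on an unknown hash algorithm or a digest of the wrong length, and
    uses a constant-time comparison for the digest itself.
    """
    alg = protected.get(PAYLOAD_HASH_ALG)
    if alg not in HASH_ALGS:
        return False
    name, size = HASH_ALGS[alg]
    if len(payload) != size:
        return False
    return hmac.compare_digest(hashlib.new(name, blob).digest(), payload)


if __name__ == "__main__":
    blob = b"constructed sample blob content"  # constructed sample input
    prot, pl = hash_envelope(blob, "application/octet-stream")
    print("protected header (CBOR):", cbor_encode(prot).hex())
    print("payload (SHA-256 of blob):", pl.hex())
    print("to-be-signed bytes:", sig_structure(prot, pl).hex())
    print("blob matches envelope:", verify_blob_against_envelope(prot, pl, blob))
    print("tampered blob matches:", verify_blob_against_envelope(prot, pl, blob + b"x"))
```

Because the envelope carries only the digest, a verifier checks the blob's hash against the payload after validating the COSE signature; there is no size field to compare, matching the table above, and a blob of a different length simply fails the digest comparison.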

Labels: enhancement (New feature or request), spec required (Specification is required for the issue)