Signature-Verification Object:
Framework

Draft; do not implement.

Introduction

When using cryptographic signatures in network messages, there arises a need to amend the signature with additional data, in order to locate associated data required to verify the signature.

This document proposes a method of expressing said associated data.

Document conventions

Key words

The key words ‘MUST,’ ‘MUST NOT,’ ‘REQUIRED,’ ‘SHALL,’ ‘SHALL NOT,’ ‘SHOULD,’ ‘SHOULD NOT,’ ‘RECOMMENDED,’ ‘NOT RECOMMENDED,’ ‘MAY,’ and ‘OPTIONAL’ in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

Objects, fields and values

An object is an abstract object, a field is an abstract field and a value is an abstract value as defined by Abstract Values. [VALUES]

Field name shorthand

All words written #likeThis in this document, when the word begins with #, MUST be prefixed with urn:uuid:4eead1d2-82ae-4772-83cf-eddf9ded613a in order to form the full word.

For example, #example is a shorthand notation for urn:uuid:4eead1d2-82ae-4772-83cf-eddf9ded613a#example.

Signer object

A signer object is an object. It represents an entity, which is in control of it and generates SDOs associated with it.

The object type of a signer object is #Signer.

The field #signer-id is REQUIRED. Its value is a reference, called a signer identifier, which uniquely identifies the signer object on a network.

The field #svo-list is REQUIRED. Its value is an SVO list.

An application determines whether a signer object is trusted using some application-defined mechanism.

Signature-data object

A signature data object (SDO) is an object. It represents a cryptographic signature.

The object type of an SDO is #SDO.

The field #data is REQUIRED. Its value is signature output. It is the SDO's signature data.

The field #signer-id is REQUIRED. Its value is a signer identifier, which identifies the associated signer object. It is the SDO's signer.

The field #svo-id is REQUIRED. Its value is an SVO-ID, which identifies the associated SVO of the signer.

The field #ctime is REQUIRED. Its value is a timestamp, of when the signature was generated. It is the SDO's creation time.

The field #etime is OPTIONAL. Its value is a timestamp, of when the signature expires, It is the SDO's expiration time.

If #etime is absent, the SDO never expires.

If the current time is equal to or after #etime, the SDO is expired.

Signature-verification object

A signature-verification object (SVO) is an object. It contains data required to verify an SDO.

The object type of an SVO is #SVO.

An SVO list is a set of SVOs.

The field #svo-id is REQUIRED. Its value is a character sequence, called a signature-verification object identifier (SVO-ID), which uniquely identifies this SVO within an SVO list.

The length of an SVO-ID MUST be between 1 and 63 characters, which MUST all be within the range from U+0021 to U+007E.

Validity period

The field #since is REQUIRED. Its value is a timestamp.

The field #until is REQUIRED. Its value is a timestamp.

If the current time is before #since or after #until, the SVO is obsolete; otherwise it is current.

Signature scheme

The field #scheme is REQUIRED. Its value is a reference to a signature scheme.

A signature scheme defines two functions and additional fields of an SVO.

The first function, the generator, takes application-defined signature input and other, scheme-defined parameters as input, and returns scheme-defined signature output, which as a value is a bit sequence.

The second function, the verifier, takes signature output and an SVO as input, and returns whether the signature output is correct or incorrect.

Signature history

Once an SVO becomes obsolete, the field #history becomes REQUIRED; otherwise it is OPTIONAL. Its value is the SVO's history, a list of objects with the following REQUIRED fields:

#past-refs
list: set of SDO references
#past-sigs
sigs: set of SDOs

An SDO reference is an object with the following REQUIRED fields:

#ctime
creation time of an SDO
#data
signature data of an SDO

An octet sequence is generated by appending #ctime, then #data, for each SDO reference in list, ordered by #ctime in ascending order. The #ctime is represented as <date-time> as defined in [RFC3339].

This octet sequence is signature input to a generator that returns signature output for SDOs in sigs.

The list MAY NOT be exhaustive. Whether an SDO reference is needed or not depends on the application.

The history MAY have zero elements.

SDO evaluation

An SDO is evaluated against an SVO in order to determine whether the SDO is valid or invalid.

Evaluation is done in the following order:

  1. Let sdo be the evaluated SDO.
  2. Let svo be the SVO sdo is being evaluated against.
  3. If sdo is expired, return invalid.
  4. If signature data of sdo is incorrect according to the verifier of svo, return invalid.
  5. If svo is current: return valid if the signer is trusted; return invalid otherwise.
  6. Otherwise, iterate history of svo and look for an object: If a matching object was found, return valid.
  7. Otherwise, iterate history of svo and look for an object: If a matching object was found, return valid.
  8. Otherwise, return invalid.

This prevents a malicious actor from generating counterfeit SDOs verified with an SVO that is obsolete, in the future after the SVO became obsolete. (An SDO with a counterfeit creation time.) This is for applications like databases which need to store SDOs for very long periods of time, where asking the signer to periodically resign the data is infeasible.

SVO retrieval function

An SVO retrieval function is a function, which takes a signer identifier and an SVO-ID as input and returns an SVO or an error as output.

The domain of acceptable signer identifiers is determined by an implementation.

Other documents define implementations of this function.