Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)

Carsten Bormann <cabo@tzi.org> Wed, 29 November 2023 10:51 UTC

From: Carsten Bormann <cabo@tzi.org>
Date: Wed, 29 Nov 2023 11:51:30 +0100
Cc: Francesca Palombini <francesca.palombini@ericsson.com>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>, "lgl island-resort.com" <lgl@island-resort.com>, "drafts-expert-review-comment@iana.org" <drafts-expert-review-comment@iana.org>, "cose@ietf.org" <cose@ietf.org>
To: Michael Jones <michael_b_jones@hotmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/39vBTED523nts7FahEKgQYD9KFY>

Hi Mike,

the text of -09 is not yet in the repository, so I made a pull request to the state of main in https://github.com/tplooker/draft-ietf-cose-cwt-claims-in-headers:

https://github.com/tplooker/draft-ietf-cose-cwt-claims-in-headers/pull/14

This PR avoids the nebulous term profile introduced in -09.
It also makes the requirement for indicating the intended interpretation a protocol requirement, instead of burying it in the security considerations.
It is explicit that it is the security (integrity protection and authentication) of the *combination* of the CWT Claims header parameter and of the method of conveying the intended interpretation that governs the allowable usage of the interpreted information.

Grüße, Carsten


> On 2023-11-14, at 19:09, Michael Jones <michael_b_jones@hotmail.com> wrote:
> 
> Hi Francesca,
> 
> Now that we have an agreed-upon strategy in which the lake-edhoc and draft-ietf-cose-cwt-claims-in-headers header parameters are distinct, can you please reply-all updating your review to approve the registration?  That should put us in good shape for the November 30th Telechat.
> 
> FYI, Hannes replied updating his IoTDir review saying that the spec is ready - which he did in response to the security considerations updates we made together in https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-09.html.
> 
> Carsten, in response to your feedback, -09 now also says that the profile used defines the semantics for the CWT claims used.
> 
>                                Thanks both,
>                                -- Mike
> 
> -----Original Message-----
> From: COSE <cose-bounces@ietf.org> On Behalf Of Michael Jones
> Sent: Thursday, November 9, 2023 3:54 AM
> To: Carsten Bormann <cabo@tzi.org>
> Cc: Francesca Palombini <francesca.palombini@ericsson.com>; paul.wouters@aiven.io; lgl island-resort.com <lgl@island-resort.com>; drafts-expert-review-comment@iana.org; cose@ietf.org
> Subject: Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)
> 
> I created https://github.com/tplooker/draft-ietf-cose-cwt-claims-in-headers/pull/13 to describe the non-CBOR payload use case in response to Hannes' IoTDir review.  It also says that profiles define the semantics of the claims used, in response to further feedback from Carsten.
> 
> Reviews requested!
> 
>                                -- Mike
> 
> -----Original Message-----
> From: Carsten Bormann <cabo@tzi.org>
> Sent: Wednesday, November 8, 2023 11:46 AM
> To: Michael Jones <michael_b_jones@hotmail.com>
> Cc: Francesca Palombini <francesca.palombini@ericsson.com>; paul.wouters@aiven.io; lgl island-resort.com <lgl@island-resort.com>; drafts-expert-review-comment@iana.org; cose@ietf.org
> Subject: Re: [COSE] [IANA #1284212] expert review for draft-ietf-cose-cwt-claims-in-headers (cose)
> 
> Hi Mike,
> 
> I was planning to send you (a PR with) some clarifying editorial changes first.
> The week is quite full...
> 
> Grüße, Carsten
> 
> 
>> On Nov 8, 2023, at 00:29, Michael Jones <michael_b_jones@hotmail.com> wrote:
>> 
>> As designated experts, can you please reply-all saying that you approve of the registration proposed in https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-08.html