Re: [COSE] Robert Wilton's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
Jim Schaad <ietf@augustcellars.com> Tue, 09 June 2020 17:28 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 246E53A0B1F; Tue, 9 Jun 2020 10:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-3-7iMeTG19; Tue, 9 Jun 2020 10:28:36 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6A303A0B1E; Tue, 9 Jun 2020 10:28:35 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 9 Jun 2020 10:28:29 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Robert Wilton' <rwilton@cisco.com>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-cose-hash-algs@ietf.org, cose-chairs@ietf.org, cose@ietf.org, 'Ivaylo Petrov' <ivaylo@ackl.io>
References: <159172095262.24997.15438689683390108475@ietfa.amsl.com>
In-Reply-To: <159172095262.24997.15438689683390108475@ietfa.amsl.com>
Date: Tue, 09 Jun 2020 10:28:27 -0700
Message-ID: <009901d63e83$6502d290$2f0877b0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFIhZBpFVfilUfhwKdQdsgpo++9SKnr+UNA
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/9pgpxRGyyBdeN2_pDjkBAC3Geew>
Subject: Re: [COSE] Robert Wilton's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2020 17:28:38 -0000
-----Original Message----- From: Robert Wilton via Datatracker <noreply@ietf.org> Sent: Tuesday, June 9, 2020 9:43 AM To: The IESG <iesg@ietf.org> Cc: draft-ietf-cose-hash-algs@ietf.org; cose-chairs@ietf.org; cose@ietf.org; Ivaylo Petrov <ivaylo@ackl.io>; ivaylo@ackl.io Subject: Robert Wilton's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT) Robert Wilton has entered the following ballot position for draft-ietf-cose-hash-algs-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Hi, Thank you for this document, I found it easy to read and understand. A few minor comments: 1. Introduction Indirect signing of content is a paradigm where the content is not directly signed, but instead a hash of the content is computed and that hash value, along with the hash algorithm, is included in the content that will be signed. Doing indirect signing allows for a signature to be validated without first downloading all of the content associated with the signature. This capability can be of even greater importance in a constrained environment as not all of the content signed may be needed by the device. Would it be better to write "along with an identifier for the hash algorithm"? [JLS] Totally makes sense - done 1. Introduction The use of hashes to identify objects is something that has been very common. One of the primary things that has been identified by a hash function for secure message is a certificate. Two examples of this can be found in [ESS] and the newly defined COSE equivalents in [I-D.ietf-cose-x509]. Perhaps drop "newly defined"? [JLS] done 3.2. SHA-2 Hash Algorithms * *SHA-256* is probably the most common hash function used currently. SHA-256 is an efficient hash algorithm for 32-bit hardware. Is this intended to imply that SHA-256 is not an efficient hash algorithm when running on 64-bit hardware? If so, that might be worth explicitly stating, although it is implied by the description for SHA-512/256. [JLS] I don't think so, the algorithm is less efficient than SHA-512 on 64-bit hardware but without making the relative statement it is less useful. I think that we are making statements about efficiency in the next line is sufficiently close. 3.3. SHAKE Algorithms Would this be more clear to be titled as SHA-3 Algorithms? [JLS] No I don't think so. The SHA-3 family defined SHA3-256 and SHAKE-256. I think that using SHAKE in the title makes it clear we are not dealing with the first group of hash functions. JIM Thanks, Rob
- [COSE] Robert Wilton's No Objection on draft-ietf… Robert Wilton via Datatracker
- Re: [COSE] Robert Wilton's No Objection on draft-… Jim Schaad