Re: [COSE] AD review of draft-ietf-cose-rfc8152bis-struct-08 — DIFF CHECK
Jim Schaad <ietf@augustcellars.com> Thu, 14 May 2020 20:39 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6174B3A0D26; Thu, 14 May 2020 13:39:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWH0V80ko5Ty; Thu, 14 May 2020 13:39:50 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32F693A0D23; Thu, 14 May 2020 13:39:49 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 13 May 2020 11:08:33 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Barry Leiba' <barryleiba@computer.org>, draft-ietf-cose-rfc8152bis-struct.all@ietf.org
CC: cose@ietf.org
References: <CALaySJLUNpkiu4qj4YXaycBqFSdQ1hn11u1mYkZPve8kr3CHRQ@mail.gmail.com>
In-Reply-To: <CALaySJLUNpkiu4qj4YXaycBqFSdQ1hn11u1mYkZPve8kr3CHRQ@mail.gmail.com>
Date: Wed, 13 May 2020 11:08:30 -0700
Message-ID: <018701d62951$84539bd0$8cfad370$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQINtj+cNFKyOMr199RO5+eEIdumXKg3LT6w
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/BfgL9qI3aGK_QTyonc-M7tkEziI>
Subject: Re: [COSE] AD review of draft-ietf-cose-rfc8152bis-struct-08 — DIFF CHECK
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 20:39:53 -0000
-----Original Message----- From: Barry Leiba <barryleiba@computer.org> Sent: Tuesday, May 12, 2020 8:31 AM To: draft-ietf-cose-rfc8152bis-struct.all@ietf.org Cc: cose@ietf.org Subject: AD review of draft-ietf-cose-rfc8152bis-struct-08 — DIFF CHECK Hi, all. I've picked up the sponsorship of the two 8152bis drafts from Ben in order to help share the load and get the documents moving faster than Ben has time for just now. I've started AD review with a pass at the diffs between this document and 8152; I will follow with a closer review of this document to see if there are things that look like they should have been updated or clarified, but weren't (I don't expect to find much there, but I want to look). Here's the review of the diffs: Please be consistent about use of “counter signature” or “countersignature”. Consider, for example, the inconsistency in the 4th and 5th paragraphs of Section 5.1, and the section title of 5 vs 5.1 and 5.2. (It looks like 8152 spelled it as two words and 8152bis spells it as one. I don't care which way the WG wants to go for the update, but it should be consistent throughout the document.) [JLS] Given that 8152 used two words, I made a pass to make it two words here as well. — Section 3 — the value is wrapped in the binary object. Recipients MUST accept both a zero-length binary value and a zero-length map encoded in Should this say “zero-length byte string” for consistency? [JLS] Looks good - done — Section 4.3 — proxy, or an attacker, changes the set of accept values by including the field in the application supplied data. Nit: hyphenate “application-supplied”. [JLS] look fine - done twice * If multiple items are included, applications need to ensure that the same byte string cannot produced if there are different Nit: “cannot be produced” [JLS] looks fine - done — Sections 4.4, 6.3, and 7.3 — In bullets 2 and 3 in each, I think it’d be better to use “zero-length byte string” for consistency in the text, rather than “bstr of length zero” or “zero-length bstr” sometimes. [JLS] I don't feel strongly about this - done — Section 5 — It is always possible to construct cases where the decryption is successful, while providing completely different answers by using a different key. This situation is not detectable by a countersignature on the encrypted data. It took me a few readings of this to get what I think you mean. I don’t think I would refer to this as “the decryption is successful.” Might this be better said with something like this?: NEW It is always possible to construct cases where use of a different key appears to result in successful decryption, but provides completely different unencrypted data. This situation is not detectable by a countersignature on the encrypted data. END [JLS] How about It is always possible to construct cases where the use of two different keys will appear to result in a successful decryption (the tag check success), but which produce two completely different plaintexts. This situation is not detectable by a counter signature on the encrypted data. — Section 5.1 — The full countersignature structure can be encoded as either a tagged or untagged depending on the context it is used in. Nit: remove “a”. [JLS] Fine - done — Section 5.2 — Abbreviated countersignatures were designed primarily to deal with the problem of having group encrypted messaging Would “encrypted group messaging” be better? The MLS working group refers to "group messaging", and we're talking about making that encrypted. [JLS] Core documents appear to use "secure group communication", but I think that this change is still clear. done — Section 7 — COSE_MAC is used for all other cases. These include a requirement for multiple recipients, the key being unknown, or a recipient algorithm of other than direct. ‘Tis a total nit, but you changed “and” to “or” here, and I think the change was incorrect, and the original “and” was correct — the “other cases” include all three of the examples. [JLS] This change was made in response to a WG comment. I believe that "or" is correct here as there are three different cases being listed rather than a combination of the three cases. — Section 9 — This taxonomy should not be considered to be exhaustive as there are new algorithm structures that could be found or are not known to the author. This reads oddly to me: “that could be found” seems strange, and “not known to the author” feels wrong in a working group document. Can you try rewording this? [JLS] Does this seem better? In this section, a taxonomy of the different algorithm types that can be used in COSE is laid out. This taxonomy should not be considered to be exhaustive. New algorithms will be created which will not fit into this taxonomy. If this occurs, then new documents addressing this new algorithms are going to be needed. — Section 9.5.1 — Should either or both instances of “zero-length item” here be “zero-length byte string” or “zero-length text string” so as to be appropriately specific? [JLS] Yes they should - done. Jim -- Barry
- [COSE] AD review of draft-ietf-cose-rfc8152bis-st… Barry Leiba
- Re: [COSE] AD review of draft-ietf-cose-rfc8152bi… Barry Leiba
- Re: [COSE] AD review of draft-ietf-cose-rfc8152bi… Jim Schaad
- Re: [COSE] AD review of draft-ietf-cose-rfc8152bi… Carsten Bormann
- Re: [COSE] AD review of draft-ietf-cose-rfc8152bi… Jim Schaad