IETF Logo Mail Archive

Re: [COSE] Last Call: <draft-ietf-cose-hash-algs-03.txt> (CBOR Object Signing and Encryption (COSE): Hash Algorithms) to Informational RFC

tom petch <daedulus@btconnect.com> Tue, 19 May 2020 09:35 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A75273A09C8; Tue, 19 May 2020 02:35:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ngfVlhBXhxLu; Tue, 19 May 2020 02:35:52 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70118.outbound.protection.outlook.com [40.107.7.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 779993A09C4; Tue, 19 May 2020 02:35:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F2zDjEv2+l6FuahiFhureFsDPImrTJ3IygWS+nlx32vJr20YMiKtVqguoh8OSerwtsefYx2c+7p6SI3/qFPo00PsA95vKJifkTIr5ESz9rdDw9mUAi7GiCu89CqxMsA9Hu6XN41uBIHm+dHdwJ0bkgtumkqBN8a+HyXCjUmMC7ssTV8b2gIt0HILgBKO4HeCkw4Sny6xCcpf/Ce+90aNV952iqB/RaXJI25HdE1d9fbYqXbX2K1BbVSzvvs8TK9Sx7EJqXjPzA8BmwIcSMcdJkhA+ZJGKcNCaPjJ8xJ7+DVdfYL5f0Q/vZCUrTNJIZMh9zhYUrlYnnQ5SjrihQnYnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+0sZRRH6w9ia+9aE6QoNH5NFnGceAILcMFQgk628o6c=; b=imNU/3Hsf9R/R5ZwLHQ7i2OGZaxoHXoeahnsNLTZ7qJ9LsR4jOPGT4fOPfWMuhcs3190qN1hLG8fLv/TVx+9sz2RD5s/WtrS8SQdNCu7l13fb2I/vSgEeFolU+X29SH5RyIhxjhbio70nao81qVgTbrYnROamxVtMjZ3wrptsOZKo7Ny2VYzRcaaWyC2bfm+QzUNOG4q15q1h1cd36sX7JKW9g+MkzuJaEM5ykZ9t4kYOKdLO5mJnu06BEbdQJpySt8ZRgxvIK8qnnh65H2tnkfbBNE6UerpCkZheA7W4OKSAlo6DRQvrVmZ1QiidlyhNJjMmngZN+bkNIxs6gLGDA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+0sZRRH6w9ia+9aE6QoNH5NFnGceAILcMFQgk628o6c=; b=XaTIV1RFaaQe7r7RZjoDTsgqzlirpS4NcWQUdOX+J1TDFliuYzMSycOGT0i350EDXAiv4WxkB128yCZDxrPNjls/uRELMZFG7pV8IokPygm9xYcDbZS7ZwLXypPBiaWJ8iGxLza5Dc6D0zcGmK3TnJyO7lyre0/u3akTdSCEgsg=
Authentication-Results: ackl.io; dkim=none (message not signed) header.d=none;ackl.io; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR0701MB2480.eurprd07.prod.outlook.com (2603:10a6:800:63::16) by VI1PR0701MB2192.eurprd07.prod.outlook.com (2603:10a6:800:31::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.11; Tue, 19 May 2020 09:35:48 +0000
Received: from VI1PR0701MB2480.eurprd07.prod.outlook.com ([fe80::3474:b82e:e75a:b176]) by VI1PR0701MB2480.eurprd07.prod.outlook.com ([fe80::3474:b82e:e75a:b176%11]) with mapi id 15.20.3021.019; Tue, 19 May 2020 09:35:48 +0000
To: Last Call <last-call@ietf.org>
Cc: draft-ietf-cose-hash-algs@ietf.org, cose-chairs@ietf.org, cose@ietf.org, ivaylo@ackl.io
From: tom petch <daedulus@btconnect.com>
Message-ID: <5EC3A871.80903@btconnect.com>
Date: Tue, 19 May 2020 10:35:45 +0100
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: LO2P265CA0257.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8a::29) To VI1PR0701MB2480.eurprd07.prod.outlook.com (2603:10a6:800:63::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (81.131.229.108) by LO2P265CA0257.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:8a::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3000.25 via Frontend Transport; Tue, 19 May 2020 09:35:47 +0000
X-Originating-IP: [81.131.229.108]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7acc53a5-b2d1-4d6b-182a-08d7fbd8032f
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2192:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB219238E642CABAE2B92A713DC6B90@VI1PR0701MB2192.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 040866B734
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9gvj5Qycjz6Y8Mn6ubFPBDfbhUxou4Q51bkaRSc8UOYlb+ek4T+6ncZQ/0JWzKWzK8xjX1ayv3mdYT+kNgWO07v6qoXNN2uUybeU+xm4GvoXvuuD9dBnAnJLEp9+Gj4beuVeWp4fPbGjDWYmkYNdjr0NYJhXwegqBlgCiQe8qTcCyMlyB4AEXen69bsgu2I5+eibrng1A1bb0J2pTE+j2RnaDRHXITzT3nOAoXUVIYTIixtcaVL/QyfOTS//cLjFxh3bL1hUccU9TqhpqD/2LAYdRG3LP4XT+YykukUTQ5e63CIvbAJqiRE6IaxnvDaDVPQVnvSePYVJC/k0dD5eeSn+lPzwJ26ggrfWIi/djOJYw1qM6ktvEmEoifd4a6Uc5od7qFuTviYmrzXo6xppDG5YlK4RCeHgf9dZkzUh+yk7eSQA0sQG8KUW2UEyKBSCLKCX9nsoVDHa/dzR0cZI0wLBm8ix/CKudx3Ylh+XfL4=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0701MB2480.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(366004)(39860400002)(136003)(396003)(376002)(346002)(8676002)(52116002)(16576012)(33656002)(8936002)(86362001)(478600001)(5660300002)(6486002)(6916009)(16526019)(186003)(2906002)(26005)(316002)(36756003)(4326008)(956004)(2616005)(966005)(66476007)(66946007)(66556008)(49324003)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: E9p/gv/bUWchXtOz5tQ3SoWJ49TVSyYkyAZK65dBqt4b2sAiIJL+jrIfRCbMRPTBkhOv8BxH8zYtRTLUXtXeH/Y3wMSinPDUrww4gIe6qhdIbFNqINcT4/x2MsAIW+x8Kqk7EbT/K9aKWQtHv7LkRNFzZkI9QQhmG9+AOUEkYDrwgwf8oYfdZHqOvvtOFr5wSggRJaLDp1ZiwHHEWSptxt7t+am8BLDpUd4dM7PM0NClJVe+LVcrwfuA1mOS8yNzUT7BFLttcSLlEGMcMpT4mFS0wT6cXVA0iaB9iywbeL6Hsl6KelKr1l+tAwz53ygOjrzQSc8IknlxkV2zGPs/rJSAn+UwP94eZL+Fm4joH4ffGIf2q6LqnEv/E1KoCeSqdQGucbPLFHB1CTpIR5Y/LlN7bVRWhFSQ9yL95ShexnJveGl/Ke+CWn6DMUBNJ3n2o3sHmMODCYg5sv8ahZwkPW1OQxVEYyQFg96Fpucc8vc=
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7acc53a5-b2d1-4d6b-182a-08d7fbd8032f
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 May 2020 09:35:48.5978 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: vhRrTo3snbW5ehvKU0kJatCrkhU4OkyYCXLJOETgoSNirLMD/8K/essdJ2wY2MzLTC/uJeunj8nMwgLsgCRORw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2192
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/FuMt4IgjaZKG6ZhqpjKjfVt4CX0>
Subject: Re: [COSE] Last Call: <draft-ietf-cose-hash-algs-03.txt> (CBOR Object Signing and Encryption (COSE): Hash Algorithms) to Informational RFC
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 09:35:56 -0000

I encounter a number of problems with this I-D.  Much of it is about IANA
Considerations and I note the absence of a reference to RFC8126 which
provides the basis for much of my comments.

RFC8126 specifies a two-tier structure for IANA, of Group name an
Registry name, which makes it easier to find data, now and in future.
This I-D makes no mention of the Group name; perhaps easy enough to
guess in this instance, but better specified.

The I-D contains references to some of TBD1 to TBD11, with no indication
of what to do with them.  Looking at the current registry it is apparent
that Early Allocation took place in 2018 and 2019.  The I-D makes no
reference to this.  Are all these values to be made permanent?  Some of
them? I expect the I-D to say.

The I-D adds the value 'filter only' to one of the columns.  The
registry was set up by RFC8152 which lists permitted values of which
this is not one.  This then constitutes an update to RFC8152 which the
I-D does not mention.

The registry has five columns; this I-D adds a new one, Capabilities,
another update to RFC8152.  What then happens to this column for
existing entries in the registry?  The I-D is silent.

RFC8152 is Standards Track; this I-D which IMHO updates it is
Informational.

The IANA registry entry gives a reference of 'RFC8152'; this I-D, which
changes the specification of the registry, needs adding to that
reference.

RFC8126 recommends that IANA Considerations be for IANA, that IANA does
not have to search the rest of the document for the data it needs.
Here, the relevant data appears in three other sections as well (and
there is much in the I-D that is not relevant to IANA, it is not one of
those I-D that is only about IANA).

Abstract should be plain text -
     [I-D.ietf-cose-rfc8152bis-struct]
does not look like plain text.

I have great faith in the ability of IANA to make sense of what they are
asked to do but do think that the more straightforward that is the
better.  And then there are those that come after, who want the RFC to
say what happened and why without digging into the e-mail archives (as I
see happening now and again:-)

Tom Petch

> ----- Original Message -----
> From: "IETF-Announce on behalf of The IESG"
> <ietf-announce-bounces@ietf.orgiesg-secretary@ietf.org>
> To: <IETF-Announce>
> Cc: <draft-ietf-cose-hash-algs@ietf.org>; <cose-chairs@ietf.org>;
> <cose@ietf.org>; <ivaylo@ackl.io>
> Sent: Tuesday, May 12, 2020 4:26 PM
>
>> The IESG has received a request from the CBOR Object Signing and
> Encryption
>> WG (cose) to consider the following document: - 'CBOR Object Signing
> and
>> Encryption (COSE): Hash Algorithms'
>>    <draft-ietf-cose-hash-algs-03.txt> as Informational RFC
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
> final
>> comments on this action. Please send substantive comments to the
>> last-call@ietf.org mailing lists by 2020-05-26. Exceptionally,
> comments may
>> be sent to iesg@ietf.org instead. In either case, please retain the
> beginning
>> of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>>     The CBOR Object Signing and Encryption (COSE) syntax
>>     [I-D.ietf-cose-rfc8152bis-struct] does not define any direct
> methods
>>     for using hash algorithms.  There are however circumstances where
>>     hash algorithms are used: Indirect signatures where the hash of one
>>     or more contents are signed.  X.509 certificate or other object
>>     identification by the use of a fingerprint.  This document defines
> a
>>     set of hash algorithms that are identified by COSE Algorithm
>>     Identifiers.
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/
>>
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>>
>>
>>
>>
>> _______________________________________________
>> IETF-Announce mailing list
>> IETF-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-announce
>> =

v2.23.0 | Report a Bug | By Email