Re: [COSE] [Gen-art] Genart last call review of draft-ietf-cose-hash-sig-05
Alissa Cooper <alissa@cooperw.in> Wed, 04 December 2019 16:17 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C19C412002E; Wed, 4 Dec 2019 08:17:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.773
X-Spam-Level:
X-Spam-Status: No, score=-2.773 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.073, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=oIXd63DK; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Hu3QdrgJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SLQfNy-AVSlF; Wed, 4 Dec 2019 08:17:41 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E27AA120019; Wed, 4 Dec 2019 08:17:37 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 48BC022281; Wed, 4 Dec 2019 11:17:37 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Wed, 04 Dec 2019 11:17:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=8 w9K+FBmXQNQ23ajIlmOXlB5YVxzfFzeUFCdE7xKh6Q=; b=oIXd63DKJAiuQapji zxy/4hgdbfjoaAt/8e0GAdrmmK0KUTMKHeXzo6C+rkEs2vAAcK3OkQ/A5qHmMWTl +I3l1RDmdac/+mZSFmgZvVgAUrogILRgZlsK+uuGyWmLMqyasfFp1bnyUlX2Pdzg hmJWoA9zaQr2Uz3c3NZ2m4BjsDu2MrmJ1oliE/Xnaca8ySz7k6WuVxiEVJ6hOeqK wK3Hj3l6gVkb/2Q64ZiQhkAy6Naf7SCLp809ZCsGeMdpwzCBCr5eHKPWNMQUC5Z8 Gp6QytTTfWbajOt8CMP/4MuEDZCh7+ZHrTeHDd+ubgOzGbsYDYt5+46u3cDIhHeM qyQtQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=8w9K+FBmXQNQ23ajIlmOXlB5YVxzfFzeUFCdE7xKh 6Q=; b=Hu3QdrgJU+ieCq78mj/Y9v/PvnW8nzQ0Zg9V/KPRblM+THjyCIi7KFIEa 2B1PnK7DN46Ouzgo3FoXPlrcJmAIyY6gy5Mi00p+Fxuu1J+SiG0BWGT7Orud34qq gKh6AcfKZnOo+WvqzPbL2jGVkc12pzgmFcTvtA6HIUY0PJfIQTQpJiGUtWwQWc2N N0kYN8IlYv7GY2l4XpwR/03wbglkohEV2XcUHOMbvU3Cdt0xxbW3CKOx69E6eyKw 1MarxHPmJHKXwsiYwKlPwmMv52ZVB2xlyM5g88Du4V5EVXytkksY+9OAZUMgpCX5 IrFh4q41E65HEZQRVJezXkkuWp3Ew==
X-ME-Sender: <xms:INznXc1wIILELXeZrNt1j6H_maq8tD8GJIbelvP57C2it5u0djJ2cQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudejledgkeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptggguffhjgffgffkfhfvofesthhqmhdthhdtvdenucfhrhhomheptehlihhs shgrucevohhophgvrhcuoegrlhhishhsrgestghoohhpvghrfidrihhnqeenucffohhmrg hinhepihgvthhfrdhorhhgnecukfhppedutdekrdehuddruddtuddrleeknecurfgrrhgr mhepmhgrihhlfhhrohhmpegrlhhishhsrgestghoohhpvghrfidrihhnnecuvehluhhsth gvrhfuihiivgeptd
X-ME-Proxy: <xmx:INznXRpDDr623kPmM-_0nTtImkMiKv_Jyy9cDR8fs3CZI-mLXDHnCQ> <xmx:INznXRf8c_01U6oHaCjD52tnKyw8pbRV4qQ94KAFLjyEgK-exKJc4Q> <xmx:INznXYo1VCP4qaPLjWdtVB4hmbH83ZMAvXdU2bGlKHIMrIjPPmg7_w> <xmx:IdznXQ0Mwax9VM-boLErAzaq822yvl7jzY0hM-SfUVFtBJ_mZXQwrA>
Received: from alcoop-m-c46z.fios-router.home (pool-108-51-101-98.washdc.fios.verizon.net [108.51.101.98]) by mail.messagingengine.com (Postfix) with ESMTPA id 998CD80060; Wed, 4 Dec 2019 11:17:36 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <157230544744.16080.11317427545621451267@ietfa.amsl.com>
Date: Wed, 04 Dec 2019 11:17:35 -0500
Cc: gen-art@ietf.org, last-call@ietf.org, draft-ietf-cose-hash-sig.all@ietf.org, cose@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <21E4C0CC-2C25-40FE-836B-98A06EE975DB@cooperw.in>
References: <157230544744.16080.11317427545621451267@ietfa.amsl.com>
To: Elwyn Davies <elwynd@dial.pipex.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/HXsolRyl_iQ93wVgjYRlBsrcRZk>
Subject: Re: [COSE] [Gen-art] Genart last call review of draft-ietf-cose-hash-sig-05
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 16:17:43 -0000
Elwyn, thanks for your review. I entered a No Objection ballot and requested a response to your review. Alissa > On Oct 28, 2019, at 7:30 PM, Elwyn Davies via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Elwyn Davies > Review result: Almost Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-cose-hash-sig-05 > Reviewer: Elwyn Davies > Review Date: 2019-10-28 > IETF LC End Date: 2019-10-29 > IESG Telechat date: Not scheduled for a telechat > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <" dir="auto">https://trac.ietf.org/trac/gen/wiki/GenArtfaq>;. > > Document: draft-ietf-cose-hash-sig-05 > Reviewer: Elwyn Davies > Review Date: 2019/10/28 > IETF LC End Date: 2019/10/29 > IESG Telechat date: (if known) N/A > > Summary: > Almost ready, There is one minor issue (barely above editorial) and a number > of nits. I haven't checked the details of the HSS/LMS summary derived from RFC > 8554 and I am taking the contents of the Appendix on trust! > > Major issues: > None > > Minor issues: > s1.1, last para: I found the note which provides particular motivation for > this proposal rather obscure on first reading. After thinking about it, I now > understand why this is here, but another sentence or so reinforcing the idea > that getting the software distribution system post-quantum secure at the > earlest opportunity is key to avoiding melt down should quantum computing > develop more quickly than we might expect. Also referring to the SUIT WG is > not future proof. > > Nits/editorial comments: > s1, HASHSIG reference anchor: I would be inclined to stick with the 'standard' > anchor for RFC 8554 i.e. [RFC8554]. > > s1, para 2: Expand DSA, ECDSA and EdDSA on first use ( RSA is claimed to be > well-known). Arguably references for the various mechanisms might be desirable. > > s2, last para: s/The the/The/ > > s2 and subsections: The terminology and symbology used (e.g, || for > concatenation) are (I believe) those defined in RFC 8554. This should be > mentioned. > > s2.2, para 1: 'This specification supports only SHA-256': I think this is a > cut-and-paste from RFC 8554. Suggest: s/This specification supports/[RFC8554] > initially only supports/ and add at the end 'This specification would > automatically support any such additional hash functions.' > > s4/s4.1: Rather than leaving an empty s4 and having a single subsection > (generally frowned upon), the phraseology used at the start of s17 of RFC 8152 > would be an improvement. > > s4: The security considerations of RFCs 8152 and 8554 are also relevant to > implementations of this specification. > > s6: References to the relevant IANA registries for 'COSE Algrithms' and 'COSE > Key Types' should be added. > > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [COSE] Genart last call review of draft-ietf-cose… Elwyn Davies via Datatracker
- Re: [COSE] [Gen-art] Genart last call review of d… Alissa Cooper
- Re: [COSE] Genart last call review of draft-ietf-… Russ Housley