Re: [COSE] Martin Duke's No Objection on draft-ietf-cose-rfc8152bis-algs-09: (with COMMENT)

Jim Schaad <ietf@augustcellars.com> Mon, 15 June 2020 17:31 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Duke' <martin.h.duke@gmail.com>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-cose-rfc8152bis-algs@ietf.org, cose-chairs@ietf.org, cose@ietf.org, 'Matthew Miller' <linuxwolf+ietf@outer-planes.net>
Date: Mon, 15 Jun 2020 10:31:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Oq6a-iBUdo9KeithzPCYIDGMWWk>


-----Original Message-----
From: Martin Duke via Datatracker <noreply@ietf.org> 
Sent: Tuesday, June 9, 2020 10:23 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-cose-rfc8152bis-algs@ietf.org; cose-chairs@ietf.org; cose@ietf.org; Matthew Miller <linuxwolf+ietf@outer-planes.net>; linuxwolf+ietf@outer-planes.net
Subject: Martin Duke's No Objection on draft-ietf-cose-rfc8152bis-algs-09: (with COMMENT)

Martin Duke has entered the following ballot position for
draft-ietf-cose-rfc8152bis-algs-09: No Objection

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

As everyone else has pointed out, the header needs to be fixed to indicate this is Informational, not Standards Track.

Section 1.
s/messages transport/message transport
s/of the Javascript/of Javascript
[JLS] Done.

Sec 1.3
In the definitions of “AE” and “AEAD”, I don’t understand the functional difference between authentication of “plaintext contents” (AE) and authentication of “non-encrypted data” (AEAD). AFAICT AE isn’t actually used in the document, so it might be easiest to simply delete it.
[JLS] I have updated the text to read as follows. Does that make it clearer?

Authenticated Encryption (AE) <xref target="RFC5116"/> algorithms are encryption algorithms that provide an authentication check of the contents algorithm with the encryption service.  An example of an AE algorithm used in COSE is AES Key Wrap <xref target="RFC3394"/>.  These algorithms are used for key encryption algorithms, but AEAD algorithms would be preferred.

Authenticated Encryption with Associated Data (AEAD) <xref target="RFC5116"/> algorithms provide the same authentication service of the content as AE algorithms do. They also allow for associated data to be included in the authentication service, but which is not part of the encrypted body. An example of an AEAD algorithm used in COSE is AES-GCM <xref target="RFC5116"/>. These algorithms are used for content encryption and can be used for key encryption as well.


Sec 1.5. Replace the URL with a reference.
[JLS] Fixed.

I actually read this whole document but got pretty lost by the end, not being an expert in this area.
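
The AE/AEAD distinction in the revised definitions above, as an added example that is not part of the original message or of the draft: AES Key Wrap authenticates only what it encrypts, while AES-GCM also authenticates associated data that stays outside the ciphertext. It uses Node.js's built-in `crypto` module with 128-bit keys; the function names and all sample values are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// AE: AES Key Wrap (RFC 3394). Integrity comes from the fixed 0xA6 IV that
// unwrap checks; the algorithm has no input for associated data.
const KW_IV = Buffer.alloc(8, 0xa6);

function aesKeyWrap(kek, cek) {
  const c = crypto.createCipheriv('aes128-wrap', kek, KW_IV);
  return Buffer.concat([c.update(cek), c.final()]);
}

function aesKeyUnwrap(kek, wrapped) {
  const d = crypto.createDecipheriv('aes128-wrap', kek, KW_IV);
  return Buffer.concat([d.update(wrapped), d.final()]); // throws if altered
}

// AEAD: AES-GCM. `aad` is covered by the authentication tag but is neither
// encrypted nor carried in the ciphertext.
function gcmSeal(key, nonce, plaintext, aad) {
  const c = crypto.createCipheriv('aes-128-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

function gcmOpen(key, nonce, sealed, aad) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, nonce);
  d.setAAD(aad);
  d.setAuthTag(sealed.tag);
  return Buffer.concat([d.update(sealed.ct), d.final()]); // throws on mismatch
}

// Returns true when fn throws, i.e. the authentication check rejected the input.
function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

// Constructed sample values, not taken from the draft.
const kek = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const cek = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
const nonce = Buffer.alloc(12, 1); // fixed for the demo; must be unique per key
const aad = Buffer.from('header sent in the clear');

const wrapped = aesKeyWrap(kek, cek); // AE protects the content key
const sealed = gcmSeal(cek, nonce, Buffer.from('content'), aad); // AEAD protects the content
console.log('wrapped key bytes:', wrapped.length);
console.log('GCM rejects changed AAD:',
  rejects(() => gcmOpen(cek, nonce, sealed, Buffer.from('header changed'))));
```
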