[COSE] Review of draft-ietf-cose-hash-algs-01
Ludwig Seitz <ludwig.seitz@ri.se> Wed, 25 September 2019 07:23 UTC
Return-Path: <ludwig.seitz@ri.se>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D07F9120105 for <cose@ietfa.amsl.com>; Wed, 25 Sep 2019 00:23:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=risecloud.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id orze9j04lW1s for <cose@ietfa.amsl.com>; Wed, 25 Sep 2019 00:23:39 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10088.outbound.protection.outlook.com [40.107.1.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E23C1200B8 for <cose@ietf.org>; Wed, 25 Sep 2019 00:23:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MgiAbY0PgYU406LZAM/uTwBMeqgdRlp85FxUOUSBwdsP+q291nPNgP6MOXPoj9HDWQ1jnm+Nc47rNVAZTCEHnQtW7WnN5qASlQAiBiqMrQII9ErDah49cZ8tjJRoKImxc2YGZooFpdGN3XRhBCHnCLSfDXQLRf7L7wHH7tNcrj8VELmq7Y21eQg/fGY78ud0G7/Az+3ZrOcDOpvJF0h62o06UoO6PRN1EwjLhSnf8Md6FLpx2UWXJKPjl7NtjITqabaPehxWwe0dlZGsH2pYQPgo+PjdAXWkuxodt+77+bZ3OGW56zi2aMDj/66NBZfhJHQgFkLFcbAxMxEtptm5WQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y0qgLhXDa5HI4y3llbH1hmQBQYvrIs/26L9qVqyKC9Q=; b=W5mZQuRgWX9jHRt3AmW0tQAFr4dg8KgCKWno44QFAm0PgjrgEC7JKwsx3aF5XjKSZQ5ysc8Iy6X5w6ObmXQiG5y9quMofSFytS2jl99V+QldY/CqFcC6xUr//k9SIPAnTcdatF5OJJi/EGnb24HGOH+Aq1DlwHr4/R1hxkJz4h5G7+otHLow0Ta5xD4GoXTstR20UvZUm0hA6wTenuLw9tWWbGfJBY1scvAnPJeTgickLowQSOD6Ma5MSLB8AxeuIELwDRcnrQCbrVtwGgdDlkDvELcfrlVVh3m2V6uDl6IJcqTJi9VTeq+yQevH4505ER31aCFC/tlBUFUfoFMZiQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 194.218.146.197) smtp.rcpttodomain=ietf.org smtp.mailfrom=ri.se; dmarc=pass (p=none sp=none pct=100) action=none header.from=ri.se; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=RISEcloud.onmicrosoft.com; s=selector2-RISEcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y0qgLhXDa5HI4y3llbH1hmQBQYvrIs/26L9qVqyKC9Q=; b=dQys0Fuyc4ZmWRIXAynpTJ6AD9wLgGRXd6vkkxTm6LRyyy62aTIQDJgdljYkdmc3dEDEZhAhNQ12Ijo09Slh05NZjCsy5JQ53wIIs3b6FoDj0Op+hk8is7rWijVHciLOvLLg+nO/TqQABIH8fKP8z9Tns68Zde8UX7UgWFMKZk8=
Received: from HE1P18901CA0011.EURP189.PROD.OUTLOOK.COM (2603:10a6:3:8b::21) by DB8P189MB0716.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:12f::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.20; Wed, 25 Sep 2019 07:23:36 +0000
Received: from HE1EUR02FT059.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e05::203) by HE1P18901CA0011.outlook.office365.com (2603:10a6:3:8b::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.20 via Frontend Transport; Wed, 25 Sep 2019 07:23:36 +0000
Authentication-Results: spf=pass (sender IP is 194.218.146.197) smtp.mailfrom=ri.se; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=pass action=none header.from=ri.se;
Received-SPF: Pass (protection.outlook.com: domain of ri.se designates 194.218.146.197 as permitted sender) receiver=protection.outlook.com; client-ip=194.218.146.197; helo=mail.ri.se;
Received: from mail.ri.se (194.218.146.197) by HE1EUR02FT059.mail.protection.outlook.com (10.152.11.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2284.20 via Frontend Transport; Wed, 25 Sep 2019 07:23:36 +0000
Received: from [10.112.134.122] (10.100.0.158) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Wed, 25 Sep 2019 09:23:35 +0200
To: cose@ietf.org
From: Ludwig Seitz <ludwig.seitz@ri.se>
Message-ID: <bc8f7789-242f-cf72-5310-84d4f3b9f3ac@ri.se>
Date: Wed, 25 Sep 2019 09:23:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms030405070209010407010500"
X-Originating-IP: [10.100.0.158]
X-ClientProxiedBy: sp-mail-2.sp.se (10.100.0.162) To sp-mail-2.sp.se (10.100.0.162)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:194.218.146.197; IPV:NLI; CTRY:SE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(39860400002)(376002)(346002)(189003)(199004)(40036005)(235185007)(71190400001)(386003)(6116002)(3846002)(2906002)(33964004)(5024004)(14444005)(22756006)(70206006)(70586007)(568964002)(316002)(16576012)(26005)(58126008)(16586007)(486006)(2351001)(36756003)(31686004)(106002)(478600001)(22746008)(186003)(44832011)(336012)(476003)(5660300002)(16526019)(31696002)(126002)(2616005)(6916009)(65806001)(65956001)(86362001)(8676002)(81166006)(81156014)(8936002)(356004)(305945005)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB8P189MB0716; H:mail.ri.se; FPR:; SPF:Pass; LANG:en; PTR:InfoDomainNonexistent; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 84713007-6523-4a80-7347-08d741894778
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(4709080)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DB8P189MB0716;
X-MS-TrafficTypeDiagnostic: DB8P189MB0716:
X-Microsoft-Antispam-PRVS: <DB8P189MB071621608F45C5D50BF4228282870@DB8P189MB0716.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 01713B2841
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: H8M0fszCJiBQ5a724GOnX2ePjVH5Vuw0hU3iHaczMeCuFxnbIuqCD4Rj5vClvtyN+aornhfeEmAsa5lAnS0rVVfCqDXwIDkIl3A5IIwLrHrbfQVTC4Hayv5wuPL6JIHqpuNiPGkD5l5KbFAU180Ys8t+4hT9BrRY7SlMXihU0LPjs79uqW4JKqCSKYZ5EQ+uOYlAvI07VhqJTBCsXyKL55ElGco+JObV7quA8fivFpvs5UGK0CsleD9QUr8WUpUGABJPHO25Lr7D0ZK9qFoL5vrVnPwGSeFyO6FjS8CJ2Qi+F8g+zwgajUYh4vpdNQtfMGrAxQjhRb50zJaG+qlVLH/j0DTebQjYwZjETZNLg7OGFgftPaDwgCEGlz/C+syk77o4vJ8pM4CsXQ/rGzJH5WZc037+3o99oEmz3xJ5M1I=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Sep 2019 07:23:36.0995 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 84713007-6523-4a80-7347-08d741894778
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5a9809cf-0bcb-413a-838a-09ecc40cc9e8; Ip=[194.218.146.197]; Helo=[mail.ri.se]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB0716
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/ZP7FW9LCFxi5V2YUon9rtjI_AJ0>
Subject: [COSE] Review of draft-ietf-cose-hash-algs-01
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2019 07:23:42 -0000
Hello group, here is my review of draft-ietf-cose-hash-algs-01. == The draft talks about identifying objects with hashes, should we add an informal reference to RFC 6920? == 2. Expand the abbreviation 'HSM' at first use. == 2.1 "There is no definition here of what goes into the 'any' value and how it would be included in the computed hash value." Perhaps prepend a "Note: " ? == 2.1 there needs to be a manual line break for readability in the COSE_Hash_V example. == 3.3 The reference for SHA-3 is wrong. FIPS-180-4 does not mention SHA-3 or SHAKE. The reference should be FIPS-202. == 3.3 Table 3 Any specific reasons why we do not specify identifiers for SHA3-224, SHA3-256, SHA3-384 and SHA3-512? == Section 4: "Many of the hash values ... even though it is a shorter value." Does this need to be in the final document? It feels more like a hint for IANA and designated experts when deciding on the value of the identifier, so I think it should be prepended with "RFC Editor: Please remove this paragraph" == Regards, Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
- [COSE] Review of draft-ietf-cose-hash-algs-01 Ludwig Seitz
- Re: [COSE] Review of draft-ietf-cose-hash-algs-01 Jim Schaad