[COSE] Adam Roach's No Objection on draft-ietf-cose-hash-sig-07: (with COMMENT)
Adam Roach via Datatracker <noreply@ietf.org> Wed, 04 December 2019 03:20 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: cose@ietf.org
Delivered-To: cose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DB3312009C; Tue, 3 Dec 2019 19:20:48 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Adam Roach via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-cose-hash-sig@ietf.org, Ivaylo Petrov <ivaylo@ackl.io>, cose-chairs@ietf.org, ivaylo@ackl.io, cose@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.111.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Adam Roach <adam@nostrum.com>
Message-ID: <157542964857.4747.788853927600346605.idtracker@ietfa.amsl.com>
Date: Tue, 03 Dec 2019 19:20:48 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/kYAupRdApAEQ9m8c5ZiXMOnw0Vo>
Subject: [COSE] Adam Roach's No Objection on draft-ietf-cose-hash-sig-07: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 03:20:48 -0000
Adam Roach has entered the following ballot position for draft-ietf-cose-hash-sig-07: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-sig/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for the work that went into creating this document. I have no comments on its contents (the crypto is somewhat outside my area of expertise), although I have a few observations regarding the examples. --------------------------------------------------------------------------- Appendix A: > This appendix provides a non-normative example of a COSE full message > signature and an example of a COSE_Sign1 message. This section > follows the formatting used in [RFC8152]. I would suggest that RFC 8610 might be a better reference here, as it is the document that actually defines the extended CBOR diagnostic format. In particular my recommendation is: "This section is formatted according to the extended CBOR diagnostic format defined by [RFC8610]." --------------------------------------------------------------------------- §A.1: > 98( > [ > / protected / h'a10300' / { > \ content type \ 3:0 > } / , > / unprotected / {}, > / payload / 'This is the content.', > / signatures / [ > [ > / protected / h'a101382d' / { > \ alg \ 1:-46 \ HSS-LMS \ > } / , > / unprotected / { > / kid / 4:'ItsBig' > }, > / signature / ... > ] > ] > ] > ) I think there are two things here that need to be addressed. First, section 3 of this document specifies: > o The 'kty' field MUST be present, and it MUST be 'HSS-LMS'. I can't find a 'kty' field in this example. Also, this example uses '-46' as the identifier for HSS-LMS, while section 6.1 specifies the value as "TBD." This example needs a clear note added for the RFC editor that the "-46" needs to be replaced by the IANA-assigned value. A similar annotation will be required for the 'kty' field, regarding the value assigned for section 6.2. --------------------------------------------------------------------------- §A.2: Same comments as A.1, above.
- [COSE] Adam Roach's No Objection on draft-ietf-co… Adam Roach via Datatracker
- Re: [COSE] Adam Roach's No Objection on draft-iet… Jim Schaad
- Re: [COSE] Adam Roach's No Objection on draft-iet… Russ Housley
- Re: [COSE] Adam Roach's No Objection on draft-iet… Adam Roach