[COSE] Comments on draft-ietf-cose-rfc8152bis-struct-07 and draft-ietf-cose-rfc8152bis-algs-06

John Mattsson <john.mattsson@ericsson.com> Thu, 21 November 2019 22:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/m-xeP0H6o4UEn0t-bEnN8Jxg-QA>

Comments on draft-ietf-cose-rfc8152bis-struct-07 and draft-ietf-cose-rfc8152bis-algs-06

General:

 - Minor note: The abstracts of the documents have minor differences and the subsections in the introductions have different orders.

 - As RFC 8610 is published now, shouldn’t the documents be updated to match the final CDDL grammar?

draft-ietf-cose-rfc8152bis-struct-07:

 - "There has been an increased focus on small, constrained devices"

   I think the document should mention constrained radio technologies as well

- "strings" are used in various places. Should be changed to "byte string" or "text string" as CBOR has two types of strings

- "3.  The content of the message.  The content is either the plaintext or the ciphertext as appropriate."

  This seems to only describe encryption. For signatures and MACs it would be payload, signature/tag.

- "structure", "message", "object", "map", "array", "object structure", "message structure", "data object", "structure object", "map object", "array object", "data structure", "data item", "CBOR structures", "COSE structure", "COSE map", "CBOR map", "CBOR object", "COSE object"

  There is a large number of terms used in the documents. I feel that they could be defined a bit more. Also, are all of them really needed?

- OLD "The set of protected header parameters wrapped in a bstr."
  NEW "The set of protected header parameters as a map wrapped in a bstr."

- The draft has quite a lot of text on different types of signatures like signatures with message recovery. Would be good to have some sentences on signatures with and without state. The text on signatures is also missing that they provide data authentication, integrity protection, and non-repudiation.

- "They provide either no or very limited data origination."
  This sentence occurs in several places. The term "data origination" seems to not be used very much and also to have different meanings.
  E.g. the book "Information Security: Dictionary of Concepts, Standards and Terms" defines it as
     "data origination. In computing, the translation of information from its original form into machine readable form or directly into electrical signals."

Could we replace "data origination" with "non-repudiation"?

- "digesst"
- "stucture"

draft-ietf-cose-rfc8152bis-algs-06

- "the the"

Cheers,
John
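
Added example, not part of the original message or of the drafts: a minimal CBOR encoder showing the two points above about CBOR's distinct byte-string and text-string types and about the protected header being a map wrapped in a bstr. The function names are hypothetical; label 1 (alg), label 4 (kid) and value -7 (ES256) are the registered COSE values, and the zero-length bstr for an empty map follows RFC 8152.

```python
import struct

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument for the given major type."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def encode(item) -> bytes:
    """Encode ints, byte strings, text strings and maps (subset of CBOR)."""
    if isinstance(item, bool):
        raise TypeError("booleans are not handled by this subset encoder")
    if isinstance(item, int):
        # major type 0 = unsigned, major type 1 = negative (stores -1 - n)
        return _head(0, item) if item >= 0 else _head(1, -1 - item)
    if isinstance(item, bytes):
        return _head(2, len(item)) + item          # major type 2: byte string
    if isinstance(item, str):
        raw = item.encode("utf-8")
        return _head(3, len(raw)) + raw            # major type 3: text string
    if isinstance(item, dict):
        # Pairs are emitted in insertion order; no canonical sorting is done.
        out = _head(5, len(item))
        for key, value in item.items():
            out += encode(key) + encode(value)
        return out
    raise TypeError(f"unsupported type: {type(item).__name__}")

def wrap_protected(params: dict) -> bytes:
    """Serialize the protected header map, then wrap those bytes in a bstr.

    An empty map becomes a zero-length bstr (0x40), not a wrapped 0xa0.
    """
    serialized_map = encode(params) if params else b""
    return encode(serialized_map)

if __name__ == "__main__":
    print(wrap_protected({1: -7}).hex())   # alg = ES256
    print(encode("kid").hex(), encode(b"kid").hex())
```

Because the map travels as opaque bytes inside the bstr, a verifier feeds exactly those bytes into the signature or MAC input instead of re-encoding the map, so two encoders that order the same parameters differently cannot cause a verification mismatch.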