Re: [COSE] Stephen Farrell's Discuss on draft-ietf-cose-msg-20: (with DISCUSS and COMMENT)
Göran Selander <goran.selander@ericsson.com> Tue, 01 November 2016 22:08 UTC
Return-Path: <goran.selander@ericsson.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5D41295FA; Tue, 1 Nov 2016 15:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WY7DBioBz9fO; Tue, 1 Nov 2016 15:08:00 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E8BE129A29; Tue, 1 Nov 2016 15:07:59 -0700 (PDT)
X-AuditID: c1b4fb2d-1c7ff700000009f7-6a-5819123bd607
Received: from ESESSHC004.ericsson.se (Unknown_Domain [153.88.183.30]) by (Symantec Mail Security) with SMTP id 49.71.02551.B3219185; Tue, 1 Nov 2016 23:07:56 +0100 (CET)
Received: from ESESSMB303.ericsson.se ([169.254.3.133]) by ESESSHC004.ericsson.se ([153.88.183.30]) with mapi id 14.03.0319.002; Tue, 1 Nov 2016 23:07:54 +0100
From: Göran Selander <goran.selander@ericsson.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, 'Justin Richer' <jricher@mit.edu>
Thread-Topic: [COSE] Stephen Farrell's Discuss on draft-ietf-cose-msg-20: (with DISCUSS and COMMENT)
Thread-Index: AQHSJ/5+PpYzxQEGkUCV86lFjxObP6Cv0hiAgArxbwCAAAG5AIABAk0AgAjA9ICAAEBIgA==
Date: Tue, 01 Nov 2016 22:07:55 +0000
Message-ID: <D43ED052.6BE21%goran.selander@ericsson.com>
References: <147665141739.25813.4419576200342341528.idtracker@ietfa.amsl.com> <029401d227f7$5cdb7fa0$16927ee0$@augustcellars.com> <e9ca5f76-e0a1-2824-4ddc-b74c416c2f0f@cs.tcd.ie> <822A08BC-5710-48E6-BCC7-AC86A554EFEC@mit.edu> <476D703F-727E-49D9-89C1-F6FD1092D55E@mit.edu> <94353594-ef7c-d909-605a-391ef2502c68@cs.tcd.ie> <D436AB37.6B4EB%goran.selander@ericsson.com> <066401d23474$a3659580$ea30c080$@augustcellars.com>
In-Reply-To: <066401d23474$a3659580$ea30c080$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.9.160926
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="utf-8"
Content-ID: <863228D9799D234F8C0624C63EA2D368@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMIsWRmVeSWpSXmKPExsUyM2K7nK6NkGSEwZWVfBbvtu5jtJi2dSqr Re+j24wWM/5MZLZYPf07m8WGay9ZLabvvcbuwO6xcc50No+13VfZPJYs+cnk0XTmKHMASxSX TUpqTmZZapG+XQJXxvqrW5kKXu1nrPi78h97A+OXXYxdjJwcEgImEgvmnmDpYuTiEBJYxyix 5NQpdghnMaPEm74JrCBVbAIuEg8aHjGB2CIC1RL/FzeD2cwCGxkl1reKgdjCAqkSV1rPQdWk SZx4PIURwg6TOLFkNVicRUBF4s60F0BxDg5eAQuJNXuDIHZtYJZoeXeBBaSGU8BB4u3Kncwg NqOAmMT3U2ugdolL3HoynwniagGJJXvOM0PYohIvH/9jBZkpKqAnseZ+GERYSaJxyROwMLOA psT6XfoQU6wl7rXNZYWwFSWmdD9kB7F5BQQlTs58wjKBUXwWkmWzELpnIemehaR7FpLuBYys qxhFi1OLi3PTjYz1Uosyk4uL8/P08lJLNjECo/bglt+6OxhXv3Y8xCjAwajEw/thrUSEEGti WXFl7iFGCQ5mJRHeTgHJCCHelMTKqtSi/Pii0pzU4kOM0hwsSuK8ZivvhwsJpCeWpGanphak FsFkmTg4pRoYdY4sWNlwfdYEC7YnX0w6FZVzigQXhl9mioksS/w85fuftxZz1pf5BjOJfIwM nCxq46+nWiS770EGc/tTY8bfexdUprc/tJfKP6F4al7EfqE5r7Jdlp3guM5TMuVLsWrjXnme 938n9wX+czXc6yi5LnDbyay7W9SXHpleKaO9bda7KOFH/28JKLEUZyQaajEXFScCALBmLHnW AgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/qujqT5s_v5AiQJ8wFC2w4iQq3Jc>
Cc: "cose-chairs@ietf.org" <cose-chairs@ietf.org>, "draft-ietf-cose-msg@ietf.org" <draft-ietf-cose-msg@ietf.org>, 'The IESG' <iesg@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Subject: Re: [COSE] Stephen Farrell's Discuss on draft-ietf-cose-msg-20: (with DISCUSS and COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 22:08:09 -0000
On 2016-11-01 20:17, "COSE on behalf of Jim Schaad" <cose-bounces@ietf.org on behalf of ietf@augustcellars.com> wrote: >Another thread dealing with this issue includes >https://www.ietf.org/mail-archive/web/cose/current/msg00981.html - >basically the subject is 'make "alg" field optional' > >Usual suspects (Göran, Ludwig, Francesca) on one side, Just for the record: Hannes, Abhinav and Sandeep was also on this side this time Göran > me and a couple of others on the other side. Interestingly the antis >included Mike who argued for this in the JOSE. > >Jim > > > > >> -----Original Message----- >> From: Göran Selander [mailto:goran.selander@ericsson.com] >> Sent: Wednesday, October 26, 2016 9:37 PM >> To: Stephen Farrell <stephen.farrell@cs.tcd.ie>; Justin Richer >><jricher@mit.edu> >> Cc: Jim Schaad <ietf@augustcellars.com>; cose-chairs@ietf.org; The IESG >> <iesg@ietf.org>; draft-ietf-cose-msg@ietf.org; cose@ietf.org >> Subject: Re: Stephen Farrell's Discuss on draft-ietf-cose-msg-20: (with >>DISCUSS >> and COMMENT) >> >> Stephen, Justin, >> >> About item (2) - mandatory alg header - this was discussed on different >> occasions. Several voices were heard in support of a setting where a kid >> identifies key and algorithm. One thread starts here: >> >> https://www.ietf.org/mail-archive/web/cose/current/msg00544.html >> >> Appendix A was the proposed solution to resolve the conflict of >>mandatory alg >> header, but the case with only kid is discouraged, both in appendix A >>and in the >> section on COSE_Encrypt0 >> https://tools.ietf.org/html/draft-ietf-cose-msg-23#section-5.2 >> >> draft-ietf-core-object-security, which is the first and currently only >>adopted >> application of COSE, uses the COSE_Encrypt0 structure, does not have >>the alg >> header and has a kid header (“context identifier”, recommended to be 64 >>bit >> pseudo-random). >> >> >> Since you ask: Of course we would prefer to apply an endorsed version >>of COSE >> instead of making an exception from an exception. Appendix A in a sense >>opens >> a door. When what is mandatory in the body isn’t really mandatory, it >>is a >> smaller step to deviate from the recommendations. >> >> I think the contentious point was the potential non-uniqueness of kid. >>If I may >> wish: If we maintain mandatory alg header, then maybe some text about >>when >> kid header only could be acceptable, for example sufficiently large >>random kids, >> if we agree on that? >> >> Göran >> >> >> On 2016-10-26 17:12, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> >>wrote: >> >> > >> >Hiya, >> > >> >On 26/10/16 16:06, Justin Richer wrote: >> >> Hi Stephen, >> >> >> >> Sorry for the delay on answering #2 and #6 below. After researching >> >> the list archives and issue tracker, neither Kepeng nor I can find >> >> discussion on either issue. If there is such discussion in the >> >> archives, we would appreciate the working group members pointing us >> >> all to it. >> >> >> >> But as such, these both seem to be items that were added to the spec >> >> by the editor without controversy or contention from the working >> >> group. Therefore, it does appear to reflect consensus as there were >> >> no objections raised. We both think that the items are OK as is, but >> >> we’d like to give the working group a couple days to respond >> >> otherwise if that’s not the case for anyone. >> > >> >Thanks for checking. If the WG don't say they'd like a change within a >> >couple of days, I'll clear the discuss. (Please do ping me though, I >> >may forget;-) >> > >> >Cheers, >> >S. >> > >> > >> >> >> >> Thank you, >> >> >> >> — Justin & Kepeng, as COSE chairs >> >> >> >> >> >>> On Oct 19, 2016, at 8:59 AM, Justin Richer <jricher@MIT.EDU> >> >>> wrote: >> >>> >> >>> Hi Stephen, >> >>> >> >>> The consensus of the working group after Yokohama was to make the >> >>> CDDL non-normative and still use it as a description/example format. >> >>> >> >>> https://www.ietf.org/mail-archive/web/cose/current/msg00802.html >> >>> <https://www.ietf.org/mail-archive/web/cose/current/msg00802.html> >> >>> >> >>> I believe the current draft reflects that state. Yes, CDDL syntax is >> >>> peppered throughout the document as illustration, but it’s the >> >>> English text that’s normative. >> >>> >> >>> One point that was discussed was that if the draft did not use CDDL, >> >>> then another description language would likely need to be made up to >> >>> make human-readable examples in the text. The group felt that it was >> >>> better to use an existing (even if >> >>> unfinished/unofficial) description format but remove the normative >> >>> dependency. >> >>> >> >>> — Justin, as chair. >> >>> >> >>>> On Oct 16, 2016, at 3:41 PM, Stephen Farrell >> >>>> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> >> >>>> wrote: >> >>>> >> >>>> >> >>>> Hiya, >> >>>> >> >>>> Dear cose-chairs - there is stuff in this discuss for you to deal >> >>>> with. (Just putting that there in case you're not delving down into >> >>>> the body of the mails:-) >> >>>> >> >>>> On 16/10/16 22:50, Jim Schaad wrote: >> >>>>> I think we dealt with all of the comments. I cannot help you with >> >>>>> getting chair response. >> >>>>> >> >>>>> See below for my one issue. >> >>>>> >> >>>>> Jim >> >>>>> >> >>>>> >> >>>>>> -----Original Message----- From: Stephen Farrell >> >>>>>> [mailto:stephen.farrell@cs.tcd.ie >> >>>>>> <mailto:stephen.farrell@cs.tcd.ie>] Sent: Sunday, October 16, >> >>>>>> 2016 1:57 PM To: The IESG <iesg@ietf.org <mailto:iesg@ietf.org>> >> >>>>>> Cc: draft-ietf-cose-msg@ietf.org >> >>>>>> <mailto:draft-ietf-cose-msg@ietf.org>; Goeran Selander >> >>>>>> <goran.selander@ericsson.com >> >>>>>> <mailto:goran.selander@ericsson.com>>; cose-chairs@ietf.org >> >>>>>> <mailto:cose-chairs@ietf.org>; goran.selander@ericsson.com >> >>>>>> <mailto:goran.selander@ericsson.com>; cose@ietf.org >> >>>>>> <mailto:cose@ietf.org> Subject: Stephen Farrell's Discuss on >> >>>>>> draft-ietf-cose-msg-20: (with DISCUSS and COMMENT) >> >>>>>> >> >>>>>> Stephen Farrell has entered the following ballot position for >> >>>>>> draft-ietf-cose-msg-20: Discuss >> >>>>>> >> >>>>>> When responding, please keep the subject line intact and reply to >> >>>>>> all email addresses included in the To and CC lines. >> >>>>>> (Feel free to cut this introductory paragraph, however.) >> >>>>>> >> >>>>>> >> >>>>>> Please refer to >> >>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html >> >>>>>> <https://www.ietf.org/iesg/statement/discuss-criteria.html> >> >>>>>> for more information about IESG DISCUSS and COMMENT positions. >> >>>>>> >> >>>>>> >> >>>>>> The document, along with other ballot positions, can be found >> >>>>>> here: https://datatracker.ietf.org/doc/draft-ietf-cose-msg/ >> >>>>>> <https://datatracker.ietf.org/doc/draft-ietf-cose-msg/> >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>>------------------------------------------------------------------ >> >>>>>>--- >> >>>>>>- >> >>>>>> >> >>>>>> >> >DISCUSS: >> >>>>>> >> >>>>>>------------------------------------------------------------------ >> >>>>>>--- >> >>>>>>- >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> >Thanks for the updates in -20. I think we've only the following points >> >left. Note >> >>>>>> that 2 of those are questions to the WG chairs and not to Jim. >> >>>>>> >> >>>>>> (1.1) table 2: As-is the value type column seems to me to make >> >>>>>> CDDL normative. I don't see the natural language version that you >> >>>>>> said would be normative. >> >>>>>> >> >>>>>> Can you help me see that the changes there are such that CDDL is >> >>>>>> ok as informative? I'm not sure but as I read it there is still >> >>>>>> no natural language statement that a "counter signature" is one >> >>>>>> (or more) COSE_Signature values. >> >>>>> >> >>>>> In section 1.3 the following text was added: >> >>>>> >> >>>>> Two syntaxes from CDDL appear in this document as shorthand. >> >>>>> These are: >> >>>>> >> >>>>> FOO / BAR - indicates that either FOO or BAR can appear here [+ >> >>>>> FOO] - indicates that the type FOO appears one or more times in an >> >>>>> array >> >>>>> >> >>>>> The value from the table is: >> >>>>> >> >>>>> COSE_Signature / [+ COSE_Signature ] >> >>>>> >> >>>>> Section 4.1 contains the text: >> >>>>> >> >>>>> The CBOR object that carries the signature and information about >> >>>>> the signature is called the COSE_Signature structure. >> >>>>> >> >>>>>> From that I think that all of the needed normative text is >> >>>>>> present. >> >>>> >> >>>> Yeah, I get that. But then I think you've embedded some CDDL >> >>>> notation at least as normative. (I mean the constructs you describe >> >>>> with FOO/BAR above.) >> >>>> >> >>>> While I do start to feel pedantry-panic that I'm saying it, if >> >>>> really treating CDDL as informative, I think you ought say in text >> >>>> that one or more COSE_Signature fields need to be in a counter >> >>>> signature. >> >>>> >> >>>> But I'm gonna clear that anyway as the whole CDDL is not normative >> >>>> thing is really pretence IMO and there's no point in me joining in >> >>>> with that further. >> >>>> >> >>>> That means that clearing this discuss is now solely down to the >> >>>> chairs saying they're happy that Jim's positions do reflect wG >> >>>> consensus. >> >>>> >> >>>> Cheers, S. >> >>>> >> >>>> >> >>>> >> >>>> >> >>>>> >> >>>>>> >> >>>>>> (2) 3.1, alg: so you're disallowing a setup where the kid alone >> >>>>>> identifies the key and algorithm to the recipient? That is used >> >>>>>> in some IETF protocols (OSPF iirc) so rhat's a pity, and will in >> >>>>>> those (maybe less common) cases consume a few bytes that could >> >>>>>> otherwise be saved. I think, but am not sure, that the WG >> >>>>>> already discussed this, but if not, maybe worth a thought? (Or >> >>>>>> even a 2nd thought:-) And appendix A.1 is really puzzling - as it >> >>>>>> provides instructions for how to not follow a MUST in the body of >> >>>>>> the document. >> >>>>>> >> >>>>>> I think we left the mail thread on this with you saying "Best to >> >>>>>> ask the chairs if they agree that this is WG consensus," >> >>>>>> as you're an admitteddly strong partisan on this topic. >> >>>>>> >> >>>>>> So, COSE chairs - what's your take? (If you say this is ok with >> >>>>>> the WG, I'll clear.) >> >>>>>> >> >>>>>> (6) section 10: why MUST the kty values be present always? >> >>>>>> That seems unnecessary in some contexts and I don't get a >> >>>>>> security reason why it's needed e.g. if there's an alg id >> >>>>>> somewhere - can you explain? I can see folks omitting this >> >>>>>> leading to interop problems for not useful reasons. (Same comment >> >>>>>> applies in other cases where kty is a MUST, e.g. >> >>>>>> 12.1.2, 12.2.1.) >> >>>>>> >> >>>>>> I think this is the similar to discuss point (2) above. >> >>>>>> >> >>>>>> So again, COSE chairs, can you confirm that this design does >> >>>>>> reflect WG consensus and isn't just a thorough and good editor >> >>>>>> getting his way? (If you say this is ok with the WG, I'll clear.) >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>>------------------------------------------------------------------ >> >>>>>>--- >> >>>>>>- >> >>>>>> >> >>>>>> >> >COMMENT: >> >>>>>> >> >>>>>>------------------------------------------------------------------ >> >>>>>>--- >> >>>>>>- >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> >OLD COMMENTS BELOW, I DIDN'T CHECK THEM. Happy to chat more about >> 'em >> >>>>>> if that's useful. >> >>>>>> >> >>>>>> - 1.4: the 2nd last paragraph is unclear to me. Probably just >> >>>>>> needs re-phrasing. >> >>>>>> >> >>>>>> - 1.5: I'd add a reference to RFC5116. >> >>>>>> >> >>>>>> - 3.1, crit: The statement that security libraries or application >> >>>>>> code can handle this is odd - isn't that an API requirement? (I'm >> >>>>>> not objecting, but it's odd.) >> >>>>>> >> >>>>>> - 3.1, "content type" is the space there intended? If so, maybe >> >>>>>> add quotes or a comma or something to disambiguate the name and >> >>>>>> descriptive text? Same for other multi-word names here. >> >>>>>> >> >>>>>> - 3.1, "all the keys may need to be checked" - really? Or do you >> >>>>>> mean all the keys associated with this kid? >> >>>>>> >> >>>>>> - 3.1, IV/Partial IV - I think it's an error to define this here. >> >>>>>> What if some algorithm can't use that kind of (0|partial)^IV but >> >>>>>> needs something else instead? Shouldn't all mechanism for >> >>>>>> handling IVs be defined by the algorithm/mode? (This isn't a >> >>>>>> discuss because I can't think of a good counter example and >> >>>>>> there'd be other ways around the problem too probably.) >> >>>>>> >> >>>>>> - 4.1: signingTime is often needed with signatures. Isn't that >> >>>>>> common enough to want to define a way to do it, as an option? >> >>>>>> >> >>>>>> - 4.1: If I sign with a private key corresponding to a 2047 or >> >>>>>> 2049 bit RSA public key modulus, then is it clear what to put >> >>>>>> where in the signature bstr? (Yes, that'd be dumb, but I wonder >> >>>>>> is what to do well enough defined, as I don't think you can rule >> >>>>>> it out in all cases.) Since you don't include RSA here I guess >> >>>>>> it's ok to skip this, but maybe you need to say that such issues >> >>>>>> need to be handled in the definition of signature algs. >> >>>>>> >> >>>>>> - 4.3: "cannot bleed" isn't clear enough maybe, give an example >> >>>>>> perhaps where the decoder can fail to disambiguate a boundary? >> >>>>>> >> >>>>>> 4.4, last para: I disagree that one must (even lowercase >> >>>>>> must) check the signing identity. That's application behaviour >> >>>>>> and should be stated here in such concrete terms. >> >>>>>> At least s/must also/may also want to/ >> >>>>>> >> >>>>>> (Note - the above were comments on -18, but also seem to work >> >>>>>> based on -19. Subsequent comments are on -19.) >> >>>>>> >> >>>>>> - 7.1: "starting at the same base IV" - are you missing "and >> >>>>>> incrementing" or something? Otherwise I think this seems unclear. >> >>>>>> >> >>>>>> - 8.2.1: is the phrasing of the 1st para right? would it be >> >>>>>> better to say that the value of a key for EdDSA MUST NOT be used >> >>>>>> for ECDH and vice-versa. (Or maybe points instead of >> >>>>>> keys?) >> >>>>>> >> >>>>>> - 8.2.1: you need a reference for batch signing. (Or could it be >> >>>>>> omitted?) >> >>>>>> >> >>>>>> - section 9: I think it'd be good to be clearer about the >> >>>>>> strength of truncated MAC values. (And I can't recall the right >> >>>>>> thing to say off the top of my head:-) >> >>>>>> >> >>>>>> - 11: RFC2898 is about to be obsoleted by [1]. I suspect it'd be >> >>>>>> better to refer to the draft as that should be published soon. >> >>>>>> (Same for RFC3447 btw.) >> >>>>>> >> >>>>>> [1] >> >>>>>> https://datatracker.ietf.org/doc/draft-moriarty-pkcs5-v2dot1/ >> >>>>>> <https://datatracker.ietf.org/doc/draft-moriarty-pkcs5-v2dot1/> >> >>>>>> >> >>>>>> >> >>>>>> >> >- 12.4: Why "OKP"? And saying there's no "simple way" to do point >> >validation >> >>>>>> seems fairly opaque, a reference there or explanatory text would >> >>>>>> be good. (Ah, it's in section 13, maybe shuffle the text or >> >>>>>> include a pointer.) Octet key pair doesn't seem like that good a >> >>>>>> name to me btw. >> >>>>>> >> >>>>>> - 12.5: The 1st para seems wrong. (Or at least is unclear to >> >>>>>> me.) "Encrypted with <foo> and <bar>" seems ambiguous anyway, >> >>>>>> does it mean double encryption or two parallel ciphertexts? >> >>>>>> (I assume the former.) What's the algebraic thing you're trying >> >>>>>> to explain? It'd be good to provide that for such relatively >> >>>>>> complex operations I think. Is this what you mean? >> >>>>>> >> >>>>>> KW(KDF(DH-shared),CEK) >> >>>>>> >> >>>>>> - Table 22: The EC2 or OKP value is fixed per curve and the >> >>>>>> cryptographic function being performed so seems unnecessary. >> >>>>>> Do you really need it so? Why? (I'm not buying that some future >> >>>>>> form of ECC might mean this is needed btw - and codepoints aren't >> >>>>>> expensive here, right? So other forms of ECC can burn codepoints >> >>>>>> when that's needed and in the meantime we'd save bytes and >> >>>>>> complexity.) >> >>>>>> >> >>>>>> - Section 15: Do we have any examples of such a profile? I think >> >>>>>> it'd be great if we did and could add an informative reference >> >>>>>> here (even if that's to an early I- D). >> >>>>>> >> >>>>>> - section 19: I don't get how ECDSA is normative and the cfrg >> >>>>>> curves are not. Same for RFC6979. Maybe these all could do with >> >>>>>> checking? (No big deal IMO but maybe worth it.) >> >>>>>> >> >>>>>> - Appendices A.1 (as already noted) and A.2 are a puzzle. Why say >> >>>>>> in the body of the document to do <foo> and then an appendix that >> >>>>>> says how to do <not-foo>? >> >>>>>> >> >>>>>> - Appendix C and the implementation status section: Many thanks - >> >>>>>> great to see that! (I didn't check 'em though:-) >> >>>>>> >> >>>>>> - Thanks also for speedily handling the extensive secdir review. >> >>>>>> >> >>>>>> [2] >> >>>>>> https://www.ietf.org/mail-archive/web/secdir/current/msg06801.htm >> >>>>>> l >> >>>>>> <https://www.ietf.org/mail-archive/web/secdir/current/msg06801.ht >> >>>>>> ml> >> >> >> > > > >_______________________________________________ >COSE mailing list >COSE@ietf.org >https://www.ietf.org/mailman/listinfo/cose
- [COSE] Stephen Farrell's Discuss on draft-ietf-co… Stephen Farrell
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Jim Schaad
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Justin Richer
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Justin Richer
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Kathleen Moriarty
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Göran Selander
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Jim Schaad
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Carsten Bormann
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Göran Selander
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Göran Selander
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Jim Schaad
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Göran Selander
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Jim Schaad
- Re: [COSE] Stephen Farrell's Discuss on draft-iet… Göran Selander