[COSE] Warren Kumari's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
Warren Kumari via Datatracker <noreply@ietf.org> Mon, 01 June 2020 13:25 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: cose@ietf.org
Delivered-To: cose@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 272973A1030; Mon, 1 Jun 2020 06:25:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Warren Kumari via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-cose-hash-algs@ietf.org, cose-chairs@ietf.org, cose@ietf.org, Ivaylo Petrov <ivaylo@ackl.io>, ivaylo@ackl.io
X-Test-IDTracker: no
X-IETF-IDTracker: 7.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Warren Kumari <warren@kumari.net>
Message-ID: <159101794967.27986.902730371235702504@ietfa.amsl.com>
Date: Mon, 01 Jun 2020 06:25:50 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/sKMz_orTIDXylD3NI3rYe5HCl68>
Subject: [COSE] Warren Kumari's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 13:25:50 -0000
Warren Kumari has entered the following ballot position for draft-ietf-cose-hash-algs-04: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for writing this - it was an interesting read. I do have one issue, which I cannot tell if it is simply me being dumb, or if the text needs more work. “ Doing indirect signing allows for a signature to be validated without first downloading all of the content associated with the signature. This capability can be of even greater importance in a constrained environment as not all of the content signed may be needed by the device.” I’m unclear how this works — itseems clear enough that I can verify that the signature matches the hash, but doesn’t the device need to still download and compute the hash over all of the content? Otherwise I could take a hash and signature from content A, and claim that it is for content B. Sure, if the signature **doens’t** match the hash I know not to bother downloading the content at all, but if the sig does match the hash I still need to download the content to check that the hash is for this content.... Please help educate me! Nit: “ A pointer to the value that was hashed. this could” — s/this/This/
- [COSE] Warren Kumari's No Objection on draft-ietf… Warren Kumari via Datatracker
- Re: [COSE] Warren Kumari's No Objection on draft-… Jim Schaad
- Re: [COSE] Warren Kumari's No Objection on draft-… Barry Leiba
- Re: [COSE] Warren Kumari's No Objection on draft-… Jim Schaad
- Re: [COSE] Warren Kumari's No Objection on draft-… Warren Kumari
- Re: [COSE] Warren Kumari's No Objection on draft-… Jim Schaad
- Re: [COSE] Warren Kumari's No Objection on draft-… Warren Kumari