[Gen-art] Genart last call review of draft-ietf-cose-key-thumbprint-04

Mallory Knodel via Datatracker <noreply@ietf.org> Mon, 01 April 2024 19:48 UTC


Reviewer: Mallory Knodel
Review result: Ready with Issues

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-cose-key-thumbprint-??
Reviewer: Mallory Knodel
Review Date: 2024-04-01
IETF LC End Date: 2024-04-02
IESG Telechat date: Not scheduled for a telechat

Review
Major

The assumption that fingerprints are being used as a naming scheme comes up in
the final sentence of the draft. Perhaps there are other uses but if this is
the main one imagined by this draft then perhaps this could be treated gently
in the introduction, along with some other usage ideas.

Also in the Introduction: The summary should be clear that the hash is a
fingerprint, at least such that the reader is clear that the terms are
interchangeable.

Minor

3. #1 Should reference section 4.0

5.3 The only prerequisites are that the COSE Key representation
   of the key be defined —> should followed versus defined be used?

5.4 COSE Key Thumbprint values are computed on the COSE Key element
   required to represent a key, rather than all members of a COSE Key
   that the key is represented in. — should values versus members be used?

5.5 The section title is multiple methods but the section treats only one? Text
should clarify the use of “Approach” vs “case” for readability

5.5 cnf is not defined anywhere

5.6 I don’t know why we are not simply assuming interoperability and only
specifying this. “To promote interoperability among implementations, the
SHA-256 hash algorithm is mandatory to implement.”

Furthermore, shouldn’t there be a MUST?

And lastly, Section 7 repeats this phrase — should it be put elsewhere, perhaps
in a more prominent place?

7. While thumbprint values are valuable for identifying legitimate keys,
   comparing thumbprint values is not a reliable means of excluding the
   use of particular keys (or transformations thereof) —> useful instead of
   valuable?

Nits

Section 3. #1 “what, if necessary, what the unique encoding is” has one too
many whats.

General: expand acronyms on first use
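As an added illustration that is not part of this review nor of the draft's own text: the thumbprint construction that items 5.4 and 5.6 above discuss, in Python, assuming the draft's rule of hashing the deterministic CBOR encoding of only the members required to represent the key (member lists per key type are my reading of the draft) with SHA-256. The sample key and its `x` value are constructed placeholders, not a real key.

```python
import hashlib

# Labels of the members that enter the thumbprint, keyed by kty (label 1).
# Assumption: these are the required-member lists of the COSE Key Thumbprint
# draft; optional members such as kid (2), alg (3) or a private part are ignored.
REQUIRED_MEMBERS = {
    1: (1, -1, -2),       # OKP:       kty, crv, x
    2: (1, -1, -2, -3),   # EC2:       kty, crv, x, y
    3: (1, -1, -2),       # RSA:       kty, n, e
    4: (1, -1),           # Symmetric: kty, k
}

def _head(major: int, arg: int) -> bytes:
    """Shortest-form CBOR head, as RFC 8949 deterministic encoding requires."""
    if arg < 24:
        return bytes([major << 5 | arg])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if arg < 1 << (8 * size):
            return bytes([major << 5 | info]) + arg.to_bytes(size, "big")
    raise ValueError("integer too large for CBOR")

def cbor_encode(value) -> bytes:
    """Deterministic CBOR for the subset a COSE Key needs: int, bytes, map."""
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, dict):
        items = [(cbor_encode(k), cbor_encode(v)) for k, v in value.items()]
        items.sort(key=lambda kv: (len(kv[0]), kv[0]))  # length-first key order
        return _head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type {type(value).__name__}")

def cose_key_thumbprint(cose_key: dict, hash_name: str = "sha256") -> bytes:
    """Hash the deterministic CBOR encoding of the required members only."""
    required = REQUIRED_MEMBERS[cose_key[1]]
    missing = [label for label in required if label not in cose_key]
    if missing:
        raise ValueError(f"COSE Key lacks required member(s) {missing}")
    subset = {label: cose_key[label] for label in required}
    return hashlib.new(hash_name, cbor_encode(subset)).digest()

# Constructed sample: an OKP key with crv = 6 (Ed25519); x is a placeholder.
SAMPLE_KEY = {1: 1, -1: 6, -2: bytes(range(32))}

if __name__ == "__main__":
    tp = cose_key_thumbprint(SAMPLE_KEY)
    annotated = {**SAMPLE_KEY, 2: b"key-1", 3: -8}  # add kid and alg (EdDSA)
    assert cose_key_thumbprint(annotated) == tp     # optional members change nothing
    print(tp.hex())
```

Because only the required members are hashed, the same key carried with a different `kid` or `alg` keeps one thumbprint, while any change to the key material itself yields a different one.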