[jose] draft-jones-cose-rsa
Jim Schaad <ietf@augustcellars.com> Sun, 01 January 2017 23:34 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E171129519 for <jose@ietfa.amsl.com>; Sun, 1 Jan 2017 15:34:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.894
X-Spam-Level:
X-Spam-Status: No, score=-3.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOCALPART_IN_SUBJECT=1.107, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BdmUgjSNAz9j for <jose@ietfa.amsl.com>; Sun, 1 Jan 2017 15:34:26 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD0CF1294A9 for <jose@ietf.org>; Sun, 1 Jan 2017 15:34:25 -0800 (PST)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sun, 1 Jan 2017 15:53:50 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: draft-jones-cose-rsa@tools.ietf.org
Date: Sun, 01 Jan 2017 15:34:11 -0800
Message-ID: <012d01d26487$8fb4d080$af1e7180$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdJj3G5A8Mg3MokbT1CbCGHSigaDpA==
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ki2_qJIbzB6ZkSufR1B3GC84gds>
Cc: jose@ietf.org
Subject: [jose] draft-jones-cose-rsa
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jan 2017 23:34:27 -0000
Comments: 0. Should this be done in curdle rather than as AD sponsored? 1. As per previous mail, remove values assignments in tables 1, 2, and 3 unless you have cleared them with the appropriate registry experts. I am less worried about table 4 but you should clear that as well. 2. Kill RSAES-OAP w/ SHA-1. We are not doing SHA-1 currently with any of the CBOR algorithms. In section 3.1.1.1 - what are the properties that are needed here for SHA-1 so we can ensure that the statement is true. Also, rename this to be s/ SHA-1 not w/ Default. There are no defaults for COSE. 3. Text in 3.1.1.1 and 2.1.1 should be more consistent in how it is written. 4. in the abstract be more specific about which RSA algorithms are being supported. For example, you are not doing 1.5 or KEM. 5. Why does 3.1.1.1 have a size and 2.1.1 not have one. This should be consistent. 6. section 3.1.1.1 should be encryption operation not decryption operation. 7. Section 3.1.1.1 - this text does not make sense "One potential denial of service operation is to provide encrypted objects using either abnormally long or oddly sized RSA modulus values." Should probably refer to keys not encrypted objects. 8. There is a requirement of minimum encoding lengths - what purpose does this serve? Is there a security problem here or is it just a nice to have because of message size? 9. Missing some security considerations. 10 Section 2.1.1 s/hash functions are not truncated/hash function outputs are not truncated/
- [jose] draft-jones-cose-rsa Jim Schaad
- Re: [jose] draft-jones-cose-rsa Mike Jones