Re: [Last-Call] CORRECTED Last Call: <draft-ietf-cose-key-thumbprint-04.txt> (CBOR Object Signing and Encryption (COSE) Key Thumbprint) to Proposed Standard

Michael Jones <michael_b_jones@hotmail.com> Wed, 20 March 2024 01:08 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: "last-call@ietf.org" <last-call@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
CC: "cose-chairs@ietf.org" <cose-chairs@ietf.org>, "cose@ietf.org" <cose@ietf.org>, "draft-ietf-cose-key-thumbprint@ietf.org" <draft-ietf-cose-key-thumbprint@ietf.org>, "paul.wouters@aiven.io" <paul.wouters@aiven.io>
Date: Wed, 20 Mar 2024 01:08:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/KkP6AR7M8E7iaVf-aM3g9pnczJs>

The document currently requests registration of the "ckt" (COSE Key Thumbprint) confirmation method as follows:

   *  Confirmation Method Name: ckt
   *  Confirmation Method Description: COSE Key Thumbprint
   *  JWT Confirmation Method Name: jkt
   *  Confirmation Key: [[TBD1]]
   *  Confirmation Value Type(s): binary string
   *  Change Controller: IESG
   *  Specification Document(s): [[This document]]

This is not parallel to the "jkt" (JWK SHA-256 Thumbprint) registration at https://www.iana.org/assignments/jwt/jwt.xhtml#confirmation-methods, in that it doesn't include the hash function.

Please change "COSE Key Thumbprint" to "COSE Key Thumbprint using SHA-256 Hash Function".

                                Thanks,
                                -- Mike

-----Original Message-----
From: iesg-secretary@ietf.org <iesg-secretary@ietf.org>
Sent: Wednesday, March 13, 2024 3:36 PM
To: IETF-Announce <ietf-announce@ietf.org>
Cc: cose-chairs@ietf.org; cose@ietf.org; draft-ietf-cose-key-thumbprint@ietf.org; michael_b_jones@hotmail.com; paul.wouters@aiven.io
Subject: CORRECTED Last Call: <draft-ietf-cose-key-thumbprint-04.txt> (CBOR Object Signing and Encryption (COSE) Key Thumbprint) to Proposed Standard


The IESG has received a request from the CBOR Object Signing and Encryption WG (cose) to consider the following document: - 'CBOR Object Signing and Encryption (COSE) Key Thumbprint'
  <draft-ietf-cose-key-thumbprint-04.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2024-04-02. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract


   This specification defines a method for computing a hash value over a
   COSE Key. It defines which fields in a COSE Key structure are used in
   the hash computation, the method of creating a canonical form of the
   fields, and how to hash the byte sequence.  The resulting hash value
   can be used for identifying or selecting a key that is the subject of
   the thumbprint.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc9053: CBOR Object Signing and Encryption (COSE): Initial Algorithms (Informational - Internet Engineering Task Force (IETF))
    rfc6755: An IETF URN Sub-Namespace for OAuth (Informational - Internet Engineering Task Force (IETF))
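
An added illustration, not part of the thread or of the draft's own text: the sketch below computes a thumbprint over a COSE Key and shows why a confirmation-method registration has to state the hash function. It assumes the per-key-type required parameters listed in REQUIRED and the core deterministic encoding of RFC 8949 Section 4.2.1; the sample key is constructed and is not a valid curve point, and ckt_matches is a hypothetical helper name.

```python
import hashlib
import hmac

# Assumption: parameters kept per key type (kty, label 1): OKP, EC2, RSA, Symmetric.
REQUIRED = {1: (1, -1, -2), 2: (1, -1, -2, -3), 3: (1, -1, -2), 4: (1, -1)}

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus the shortest possible argument encoding."""
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("value too large for CBOR")

def encode(obj) -> bytes:
    """Deterministic CBOR for the subset a COSE Key needs: int, bytes, map."""
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, dict):
        # Map entries are ordered bytewise by their encoded keys.
        items = sorted((encode(k), encode(v)) for k, v in obj.items())
        return _head(5, len(items)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def thumbprint(cose_key: dict, hash_name: str = "sha256") -> bytes:
    """Hash the canonical encoding of only the required key parameters."""
    reduced = {label: cose_key[label] for label in REQUIRED[cose_key[1]]}
    return hashlib.new(hash_name, encode(reduced)).digest()

def ckt_matches(cose_key: dict, ckt_value: bytes) -> bool:
    """Verifier side: a 'ckt' value is only comparable if the hash is fixed."""
    return hmac.compare_digest(thumbprint(cose_key, "sha256"), ckt_value)

# Constructed EC2 key (kty=2, crv=1) with optional kid (2) and alg (3) set.
KEY = {1: 2, 2: b"constructed-kid", 3: -7, -1: 1,
       -2: bytes(range(32)), -3: bytes(range(32, 64))}

if __name__ == "__main__":
    print("sha256:", thumbprint(KEY).hex())
    print("sha384:", thumbprint(KEY, "sha384").hex())
    print("sha384 value accepted as ckt:", ckt_matches(KEY, thumbprint(KEY, "sha384")))
```

The same key yields unrelated values under SHA-256 and SHA-384, so a verifier that is not told the hash cannot compare a received thumbprint with one it computes itself.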