Re: [secdir] secdir review of cose-msg-18

[Jim Schaad <ietf@augustcellars.com>]

Changes marked 'done' have been integrated on github.

Jim


From: Stephen Kent [mailto:kent@bbn.com] 
Sent: Wednesday, September 21, 2016 7:27 AM
To: secdir <secdir@ietf.org>; Jim Schaad <ietf@augustcellars.com>; Justin Richer <jricher@mit.edu>; Kepeng Li <kepeng.lkp@alibaba-inc.com>; Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Subject: secdir review of cose-msg-18

SECDIR review of draft-ietf-cose-msg-18
 

Typos and suggested rewording.
 
Section 2: 
 
The COSE object structure is designed so that there can be a large amount of common code when parsing and processing the different
security messages.
 -> The COSE object structure is designed so that there can be a large amount of common code when parsing and processing the different types of security messages.

done
 
COSE messages are also built using the concept of using layers to … 
-> COSE messages are built using the concept of layers to …

done
 
Section 3:
 
The integer and string values for labels has been divided …
 -> The integer and string values for labels have been divided …

done
 
Applications SHOULD perform the same checks that the same label …
-> Applications SHOULD verify that the same label …

done
 
Applications should have a statement if the label can be omitted.
-> Applications SHOULD (?) have a statement if the label can be omitted.

[JLS] I believe that lower case is correct here.  This would not be a requirement on the COSE protocol, but on the application that is using COSE.  It does not make sense to me to have 2119 language for this type of statement.  (Partly from an initial brow beating from Russ.)
 
Integers are from the "CoAP Content-Formats" IANA registry table. (no reference)

[JLS] What do you think should be referenced here?  Are you looking for a URL to iana.org?  Not sure that this makes sense.
 
As the IV is authenticated by the encryption process, it can be placed in the unprotected header bucket. (in general, an encryption process will not “authenticate” an IV, but use of a modified IV will yield mangled plaintext, which can be detected by an integrity check or a signature. the same comment applies to the similar statement in the “partial IV” description.)
 
[JLS] Does this work?

The IV can be placed in the unprotected header as modifying the IV will cause the decryption of the plaintext to fail.

 
Section 4:
 
Edwards Digital Signature Algorithm (EdDSA) signature algorithm and with the Elliptic Curve Digital Signature Algorithm (ECDSA) signature algorithm.
-> Edwards Digital Signature Algorithm (EdDSA) (cite) and with the Elliptic Curve Digital Signature Algorithm (ECDSA) (cite).

[JLS] I think it is excessive, but done.

 
One of the features supplied in the COSE document is the ability…
-> One of the features offered by the COSE format is the ability …

done
 
This algorithm takes in the body information …
-> The signing and verification processes take in the body information …

done
 
Counter signatures provide a method of having a different signature occur on some piece of content.
-> Counter signatures provide a method of associating different signatures generated by different signers with some piece of content.

done
 
 
Section 5
 
Other:  The key is randomly generated.
-> Other:  The key is randomly or pseudo-randomly generated.
 
done
 
Section 6
 
(This knowledge of sender assumes that there are only two parties involved and you did not send the message yourself.)
-> (This knowledge of sender assumes that there are only two parties involved and you did not send the message to yourself.)
 
done
 
Section 15:
 
It is intended that a profile of this document be created that
defines the interopability
-> It is intended that a profile of this document be created that
   defines the interoperability

done