Hi Jim, Answers inline.
Francesca -----Original Message----- From: Jim Schaad [mailto:[email protected]] Sent: den 9 juni 2016 20:34 To: Francesca Palombini <[email protected]>; 'Carsten Bormann' <[email protected]>; 'Justin Richer' <[email protected]> Cc: 'cose' <[email protected]> Subject: RE: [COSE] WGLC Thanks for the review. Comments interspersed below > -----Original Message----- > From: COSE [mailto:[email protected]] On Behalf Of Francesca > Palombini > Sent: Thursday, June 09, 2016 1:05 AM > To: Carsten Bormann <[email protected]>; Justin Richer <[email protected]>; > [email protected] > Cc: cose <[email protected]> > Subject: Re: [COSE] WGLC > > Hello, > > Carsten and Jim, I just sent a pull request to fix some editorials > (btw some were already fixed in the git compared to the ietf one), I > may have left some of course. > > I am happy with the draft, minor comments: > - the Base IV has been added to the COSE Key, but is not in the CDDL. > Is there a reason or it was simply forgotten? (section 7.1) That was an oversight. > - I'm not sure what you wanted to say in a sentence in section 11.2, > which has some editorial, so I couldn't fix it: "(This practice means > if algorithm A is broken and thus can is easier to find, the key > derived for algorithm B will not be the same as the key for algorithm B.)" The last B should be an A. [FP] Ok, then that "can is" should probably be "the key is", or something else? just an editorial again. > - Same with this sentence in section 12.4.1 "Since the only the math > is changed by changing the curve, the curve is not fixed for any of > the algorithm identifiers we define." Maybe fixing the editorial will > make it more clear, but right now I don't really understand it. Does this work better? The math used to obtain the computed secret is based on the curve selected and not on the ECDH algorithm. For this reason, a new algorithm does not need to be defined for each of the curves. Note that I am planning on changing the title of the next bullet to "Computed Secret to Shared Secret" and update the text following accordingly. [FP] Yes it does, and I think this is a good title change too. > - Example C.2.1. is missing the comment for the signature Your right - how odd. > > Otherwise, I am satisfied with the draft (including the appendices), > thank you for the great work! I appreciated that you introduce the > table with the parameters in the beginning of each section. I think it > makes it easier to understand at what level those parameters should be used. > > One question, maybe I missed it or maybe I lack experience: I see you > define in section 15. "Application Profiling Considerations" that an > application may define new header parameters; what would be the > process to register labels for new parameters? This is done by the normal IANA processes. That is one writes a document of some type and requests that an IANA registration is done in the appropriate registry. An example of how this would be done can be found in section 16.9. If one writes the document as an RFC, the request to IANA occurs automatically as part of the workflow of a document. If one is writing the document outside of the IETF then one needs to send an email to IANA to request the registration. As part of the IANA registration process, a designated export for the registry (to be determined by the IESG) would review the request and either approve it, suggest changes or deny the registration. I have not created a template for the registration, but the set of fields to be included in the registration are defined. Section 16.10 gives general guidance to the reviewers [FP] Ok. thanks for the explanation! Jim > > Francesca > > > -----Original Message----- > From: COSE [mailto:[email protected]] On Behalf Of Carsten Bormann > Sent: den 8 juni 2016 18:07 > To: Justin Richer <[email protected]> > Cc: cose <[email protected]> > Subject: Re: [COSE] WGLC > > Hi Justin, > > expect my full review by the end of this week (and a pull request for > the editorial nits). > > (Yes, there is a little work to do still, but so far I'm quite happy.) > > Grüße, Carsten > > > Justin Richer wrote: > > Hi everyone, > > > > Has anybody read the draft? Comments, thoughts, snide remarks? > > > > — Justin > > > > _______________________________________________ > > COSE mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/cose > > > > > > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
