Just a quick comment:

On 2016-07-31 22:14, "COSE on behalf of Jim Schaad" <[email protected] on behalf of [email protected]> wrote:

> “As the IV is authenticated by the
> encryption process, it SHOULD be placed in the unprotected header
> bucket.”
>
> * Is there a good reason for this SHOULD? Why is it better to put it in
> the unprotected header? If I could I would put all my headers in the
> protected and not have to bother with the unprotected part. I would
> prefer the phrasing under Partial IV to be “As the IV is authenticated by
> the encryption process, this value can be placed in the unprotected
> header bucket”
>
> [JLS] The strengthening of this statement was made at the request of
> Göran so he should probably respond.

In draft-ietf-cose-msg-14, both texts on kid and IV had the formulation “they can be placed in the unprotected headers bucket”. I asked in my review if this could instead be replaced with a recommendation, to reduce the number of options, for the benefit of the user of this specification.

But I think Samuel has a point that making all headers protected could sometimes be an alternative which also simplifies for the user.

I propose we change the normative statement to MAY or revert to the original formulation, both for kid and IV.

Göran
(going back to vacation)
