Sorry for not replying earlier. When reading the comments I think that we have come to a good place.
Thanks for an awesome job Jim!

//Samuel

On Sun, Aug 7, 2016 at 9:41 AM, Göran Selander <[email protected]> wrote:

> Just a quick comment:
>
> On 2016-07-31 22:14, "COSE on behalf of Jim Schaad" <[email protected]
> on behalf of [email protected]> wrote:
>
> >
> >“As the IV is authenticated by the
> > encryption process, it SHOULD be placed in the unprotected header
> > bucket.”
> >* Is there a good reason for this SHOULD? why is it better to put it in
> >the unprotected header? if I could I would put all my headers in the
> >protected and not have to bother with the unprotected part. I would
> >prefer the phrasing under Partial IV to be “As the IV is authenticated by
> >the encryption process, this value can be placed in the unprotected
> >header bucket”
> >[JLS] The strengthening of this statement was made at the request of
> >Göran so he should probably respond.
>
>
> In draft-ietf-cose-msg-14, both texts on kid and IV had the formulation
> "they can be placed in the unprotected headers bucket”. I asked in my
> review if this could instead be replaced with a recommendation, to reduce
> the number of options, for the benefit of the user of this specification.
> But I think Samuel has a point that making all headers protected could
> sometimes be an alternative which also simplifies for the user. I propose
> we change the normative statement to MAY or revert to the original
> formulation, both for kid and IV.
>
> Göran
>
> (going back to vacation)
>
>
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
