On 2016-11-03 05:58, "Jim Schaad" <[email protected]> wrote:
> > >> -----Original Message----- >> From: Göran Selander [mailto:[email protected]] >> Sent: Wednesday, November 02, 2016 12:55 PM >> To: Jim Schaad <[email protected]> >> Cc: Stephen Farrell <[email protected]>; Justin Richer >><[email protected]>; >> [email protected]; [email protected]; The IESG >><[email protected]>; >> [email protected] >> Subject: Re: [COSE] Stephen Farrell's Discuss on >>draft-ietf-cose-msg-20: (with >> DISCUSS and COMMENT) >> >> >> >> > On 2 nov. 2016, at 18:11, Jim Schaad <[email protected]> wrote: >> > >> > >> > >> >> -----Original Message----- >> >> From: Stephen Farrell [mailto:[email protected]] >> >> Sent: Tuesday, November 01, 2016 2:16 PM >> >> To: Jim Schaad <[email protected]>; 'Justin Richer' >><[email protected]> >> >> Cc: [email protected]; [email protected]; 'The IESG' <[email protected]>; >>draft- >> ietf- >> >> [email protected] >> >> Subject: Re: Stephen Farrell's Discuss on draft-ietf-cose-msg-20: >>(with >> DISCUSS >> >> and COMMENT) >> >> >> >> >> >> Hiya, >> >> >> >>> On 01/11/16 19:17, Jim Schaad wrote: >> >>> Another thread dealing with this issue includes >> >>> https://www.ietf.org/mail-archive/web/cose/current/msg00981.html - >> >>> basically the subject is 'make "alg" field optional' >> >>> >> >>> Usual suspects (Göran, Ludwig, Francesca) on one side, me and a >> >>> couple of others on the other side. Interestingly the antis >>included >> >>> Mike who argued for this in the JOSE. >> >> >> >> Heh. To be honest, I'm not sure what's best here. Normally if >> >> it were just my design tastes against the WGs, I'd happily >> >> fold. But in this case we have an appendix that says how to >> >> not do what's a MUST in the body of the spec. And I suspect >> >> that this could damage interop depending on whether or not >> >> libraries follow the MUST or not. >> >> >> >> Do we think there's a way to square this circle and somehow >> >> get rid of the appendix to get to a result folks can all use? >> > >> > I wish I knew. The fact that the CORE draft is not even complying >>with how >> the appendix is saying to do things almost leads me to think that we >>should just >> kill that section of the appendix and re-evaluate things. > >I may have misinterpreted what Göran said and this may not be the case. > Sorry for the delay, we have had some offline discussions. I think the core of the problem is the desire to use COSE for multiple purposes, in particular: 1) 1-pass stateless message forwarding and 2) stateful message forwarding in a session; each with its requirements on message fields. In the former case it is necessary to send the algorithm, but not in the latter. In the latter it is necessary to send a session/context identifier but not in the former, and moreover there is no such field is defined in the current draft. We therefore used 'kid' for this purpose contradicting its intended use which led to this discussion. But for that particular case it is easy to resolve: We can simply defining a label for a session/context identifier, replace ‘kid’ and there are no contradictions with the current body or appendix. So I withdraw my previous comment. This does not solve the general issue with the appendix contradicting the body, but I don’t think that is possible to solve if we want to support multiple ‘modes’ of operation: Either we define explicitly different modes, and what is required/allowed in terms of message fields for these modes, or we define one mode and acknowledge that there may be other modes. (Compare Groucho Marx: "Those are my principles, and if you don't like them... well, I have others.” :-) Göran _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
