Re: [COSE] Feedback on draft-ietf-cose-webauthn-algorithms-01

Thu, 24 Oct 2019 16:12:53 -0700 

These issue resolutions have been incorporated in 
https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-02.  Thanks 
again for your useful review!

                                                                -- Mike

From: Mike Jones
Sent: Monday, October 21, 2019 2:11 PM
To: J.C. Jones <[email protected]>; [email protected]
Cc: Kevin Jacobs <[email protected]>
Subject: RE: [COSE] Feedback on draft-ietf-cose-webauthn-algorithms-01


Thanks for the review, J.C. and Kevin.  Replies are inline below, prefixed by 
"Mike>".



                                                       Best wishes,

                                                       -- Mike



-----Original Message-----
From: COSE <[email protected]<mailto:[email protected]>> On Behalf Of 
J.C. Jones
Sent: Thursday, August 15, 2019 2:15 PM
To: [email protected]<mailto:[email protected]>
Cc: Kevin Jacobs <[email protected]<mailto:[email protected]>>
Subject: [COSE] Feedback on draft-ietf-cose-webauthn-algorithms-01



All,



We reviewed draft-ietf-cose-webauthn-algorithms-01 and only have pair of 
comments about the security considerations.



Regarding section 5.3:



While section 5.2 refers to RFC7518's guidance, currently 5.3 does not. Perhaps 
note in 5.3 something akin to "if you have an existing implementation, the 
exponent restrictions from RFC7518 also apply."



Mike> Good suggestion.  I'd be glad to do that.



Regarding section 5.4:



The first sentence uses the FIPS186-3 form P-256 when everything else in this 
document would imply we'd refer to it as secp256r1, though rfc8152bis uses the 
P-256 form. Perhaps all readers of this document would be able to avoid 
confusion, but since it's a section _about_ confusion, it seems worth pointing 
out. Perhaps a parenthetical could be added?



Mike> I propose to add a reference to "[RFC 7518]" after "P-256" to make it 
clear where the definition that we are using originates.



Kevin Jacobs and J.C. Jones



_______________________________________________

COSE mailing list

[email protected]<mailto:[email protected]>

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fcose&amp;data=02%7C01%7CMichael.Jones%40microsoft.com%7Ca35cc1dc6c6549ca013108d721c5b465%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637015005331095019&amp;sdata=MtpdnZjpVDYvFS2Tr0mfFalyhw%2FiyYQk9H7uKwJGRk8%3D&amp;reserved=0

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to