COSE WG, I accidently sent the last email early. Please ignore it.
Kathleen provided comments below on draft-ietf-sacm-coswid suggesting that we use the COSE proposed algorithm identifiers for hashes in CoSWID. We are currently using the entries in the IANA Named Information Hash Algorithm Registry. It would be great to align with the COSE hash algorithms, but I can't figure out a way to point to only the hash algorithms in the COSE Algorithms registry. We can point to the draft-ietf-cose-hash-algs once its published as an RFC, but this would be less agile in the face of future updates to COSE hash algorithms. It would very useful if the COSE Algorithms registry has a column for algorithm type. That way we could select only the hash algorithms. Do you have any suggestions on how we might move forward? Regards, Dave Waltermire ________________________________ From: Waltermire, David A. (Fed) <[email protected]> Sent: Monday, November 18, 2019 8:39 PM To: [email protected] <[email protected]> Cc: sacm <[email protected]> Subject: Fw: [sacm] CoSWID review On Sun, Nov 17, 2019 at 6:45 AM Kathleen Moriarty <[email protected]<mailto:[email protected]>> wrote: Hi Dave, On Sun, Nov 17, 2019 at 3:02 AM Dave Waltermire <[email protected]<mailto:[email protected]>> wrote: Kathleen, Thank you for the review. I have addressed your comments in the latest draft. Some comments on your comments are inline below. From: sacm <[email protected]<mailto:[email protected]>> on behalf of Kathleen Moriarty <[email protected]<mailto:[email protected]>> Date: Fri, October 25, 2019 11:57 PM +0800 To: "<[email protected]<mailto:[email protected]>>" <[email protected]<mailto:[email protected]>> Subject: [sacm] CoSWID review Section 2.6: A Thumbprint is specified in this section, should this be referenced for clarity on hashes with COSE for object identification: https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-cose-hash-algs%2F&data=02%7C01%7Cdavid.waltermire%40nist.gov%7C75ba45cd96ab47c1496808d76c23fd62%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637096774138383674&sdata=7FGlZBW3KNZeR7ur3baxZKvGm5m8jYR%2BdQnng6L1%2Bmc%3D&reserved=0> Would it be better to tie to the COSE set of supported algorithms (they likely match, but I didn't verify)? The IANA COSE Algorithms registry contains other types of algorithms beyond hash algorithms. To use this registry, we would need to list the hash-specific algorithms, which is less ideal. Its a shame this registry isn't broken out by algorithm type, which would make this decision easy. With the IANA "Named Information Hash Algorithm Registry", we get only hash algorithms, which is what we are looking for. Can you live with use of the IANA "Named Information Hash Algorithm Registry"? COSE is open as is their main draft. This is a problem that can likely be solved this week... Talk to Jim. Let me and the list know what's possible.
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
