On 12/4/19 1:09 PM, Russ Housley wrote:
o The 'kty' field MUST be present, and it MUST be 'HSS-LMS'.
I can't find a 'kty' field in this example.
[JLS] The 'kty' field occurs in a COSE_Key and not in a COSE signed message.
This is expected.
Is there a phrase other than "When using a COSE key for this algorithm" that
would be more helpful in Section 3?
Sorry, this was mostly me reading too quickly. You're probably fine with
no change, although modifying the phrasing along the lines of "...the
following checks are made on the key:" might be slightly clearer.
Also, this example uses '-46' as the identifier for HSS-LMS, while section 6.1 specifies the value
as "TBD." This example needs a clear note added for the RFC editor that the
"-46" needs to be replaced by the IANA-assigned value. A similar annotation will be
required for the 'kty' field, regarding the value assigned for section 6.2.
[JLS] The powers that be (me) have declared that -46 is going to be the IANA-assigned
value. Telling IANA to replace the "-46" with anything else would require that
the example be re-generated or the signature would not verify.
I suggest the addition of:
{{{ RFC Editor: This example assumes that -46 will be assigned for
the HSS-LMS algorithm. If another value is assigned, then the
example needs to be regenerated. }}}
This sounds good to me. I've seen other i-ds do something like the
following, which seems helpful (in addition to the note above):
Value: TBD (Value between -256 and 255 to be assigned by IANA,
with -46 preferred)
/a
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
