Ben: Trimming to the one unresolved comment...
>>> ---------------------------------------------------------------------- >>> COMMENT: >>> ---------------------------------------------------------------------- >>> >>> Related to the above Discuss, should we have an explicit statement that we >>> do >>> not define a way to convey an HSS/LMS private key in a COSE_Key object? >>> (I think it is correct to not define such a thing, since conveying a >>> stateful private key is something of a non-sequitur.) >> >> I agree that we do not want to define such a structure. I'm not sure where >> to say anything about it. > > The best place I can see is in Section 5 (Operational Considerations), as > something like "Because of the need to maintain state across invocations of > the signing algorithm, a COSE Key Type Parameter for encoding the private > key (and its state) is deliberately not defined; serializing the state for > conveyance presents too great a risk of state reuse to justify any > potential benefit from doing so." I suggest: A COSE Key Type Parameter for encoding the HSS/LMS private key and the state about which tree nodes have been used is deliberately not defined. It was not defined to avoid creating the ability to save the private key and state, generate one or more signatures, and then restore the private key and state. Such a restoration operation provides disastrous opportunities for tree node reuse. Russ _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
