Hi Russ, On Fri, Dec 06, 2019 at 12:26:58PM -0500, Russ Housley wrote: > Ben: > > Trimming to the one unresolved comment... > > >>> ---------------------------------------------------------------------- > >>> COMMENT: > >>> ---------------------------------------------------------------------- > >>> > >>> Related to the above Discuss, should we have an explicit statement that > >>> we do > >>> not define a way to convey an HSS/LMS private key in a COSE_Key object? > >>> (I think it is correct to not define such a thing, since conveying a > >>> stateful private key is something of a non-sequitur.) > >> > >> I agree that we do not want to define such a structure. I'm not sure > >> where to say anything about it. > > > > The best place I can see is in Section 5 (Operational Considerations), as > > something like "Because of the need to maintain state across invocations of > > the signing algorithm, a COSE Key Type Parameter for encoding the private > > key (and its state) is deliberately not defined; serializing the state for > > conveyance presents too great a risk of state reuse to justify any > > potential benefit from doing so." > > I suggest: > > A COSE Key Type Parameter for encoding the HSS/LMS private key and > the state about which tree nodes have been used is deliberately not > defined. It was not defined to avoid creating the ability to save > the private key and state, generate one or more signatures, and then > restore the private key and state. Such a restoration operation > provides disastrous opportunities for tree node reuse.
That works for me; thanks! -Ben _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
