[ Posting as an individual ]
Dear all,
This is my review of draft-ietf-cose-x509. Overall I believe the document
is nearly ready with a few nits and phrasings that can be improved as well
as one place where additional details could be beneficial in my opinion.
== Possibly more information could be beneficial
Section 2:
* I think some more information can be added to this sentence:
As this header attribute implies a trust relationship, the
attribute MUST be in the protected attributes.
== Nits:
Section 1:
* s/discussions where held/discussions were held/
In the process of writing [RFC8152] discussions where held on the
question of X.509 certificates [RFC5280] and if there was a needed to
provide for them.
* Improve readability
Since that time a number of cases where X.509
certificate support is necessary have been defined.
- to be replaced by
Since that time a number of cases have been defined where X.509
certificate support is necessary.
* Disambiguate situations
Some of the constrained device situations are being used where an
X.509 PKI is already installed.
- to be replaced by
Constrained devices are being used in some situations where an X.509
PKI is already installed.
* I believe it is understandable, but for me "well understood" could be
misunderstood:
The use of certificates in this scenario allows for key management to be
used which is well understood.
- A possible alternative is:
In this situation the use of certificates allows for key management
using those certificates, the properties of which are well understood.
Section 2:
* s/distributer/distributor/
This validation can be done via the PKIX rules in
[RFC5280] or by using a different trust structure, such as a trusted
certificate distributoer for self-signed certificates.
* s/establish a trust/establish trust/
If the application cannot establish
a trust in the certificate, then it cannot be used.
* s/validation the/validation of the/
COSE_Signature and COSE_Sign0 objects, in these objects they
identify the certificate to be used for validation of the signature.
Section 5:
* s/certificate validation/certificate validity/
In any event, both the signature and certificate validity
MUST be checked before acting on any requests.
Best regards,
Ivaylo