-----Original Message-----
From: Martin Duke via Datatracker <[email protected]> 
Sent: Tuesday, June 9, 2020 10:23 PM
To: The IESG <[email protected]>
Cc: [email protected]; [email protected]; 
[email protected]; Matthew Miller <[email protected]>; 
[email protected]
Subject: Martin Duke's No Objection on draft-ietf-cose-rfc8152bis-algs-09: 
(with COMMENT)

Martin Duke has entered the following ballot position for
draft-ietf-cose-rfc8152bis-algs-09: No Objection

When responding, please keep the subject line intact and reply to all email 
addresses included in the To and CC lines. (Feel free to cut this introductory 
paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

As everyone else has pointed out, the header needs to be fixed to indicate this 
is Informational, not Standards Track.

Section 1.
s/messages transport/message transport
s/of the Javascript/of Javascript
[JLS] Done.

Sec 1.3
In the definitions of “AE” and “AEAD”, I don’t understand the functional 
difference between authentication of “plaintext contents” (AE) and 
authentication of “non-encrypted data” (AEAD). AFAICT AE isn’t actually used in 
the document, so it might be easiest to simply delete it.
[JLS] I have updated the text to read as follows, does that make it clearer?

Authenticated Encryption (AE) <xref target="RFC5116"/> algorithms are 
encryption algorithms that provide an authentication check of the contents 
algorithm with the encryption service.  An example of an AE algorithm used in 
COSE is AES Key Wrap <xref target="RFC3394"/>.  These algorithms are used for 
key encryption algorithms, but AEAD algorithms would be preferred.

Authenticated Encryption with Associated Data (AEAD) <xref target="RFC5116"/> 
algorithms provide the same authentication service of the content as AE 
algorithms do. They also allow for associated data to be included in the 
authentication service, but which is not part of the encrypted body. An 
example of an AEAD algorithm used in COSE is AES-GCM <xref target="RFC5116"/>. 
These algorithms are used for content encryption and can be used for key 
encryption as well.


Sec 1.5. Replace the URL with a reference.
[JLS] Fixed.

I actually read this whole document but got pretty lost by the end, not being 
an expert in this area.




_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
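
The AE versus AEAD distinction discussed under Sec 1.3 above, as an added example that is not part of the original message or of the draft: AES-GCM from the Go standard library, showing that associated data is covered by the authentication tag without being part of the encrypted output, and that passing nil associated data leaves the AE-only service. The key, nonce, header bytes and the helper names `newGCM`, `sealAEAD` and `openAEAD` are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD encrypts plaintext; aad is authenticated only (nil aad gives plain AE).
func sealAEAD(key, nonce, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, plaintext, aad), nil
}

// openAEAD returns an error if the ciphertext, tag or aad was altered.
func openAEAD(key, nonce, ciphertext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, aad)
}

func main() {
	// Constructed sample values; a real nonce must never repeat under one key.
	key, nonce := []byte("0123456789abcdef"), make([]byte, 12)
	header := []byte("constructed header: kid=demo") // sent in the clear
	ct, _ := sealAEAD(key, nonce, []byte("content"), header)
	fmt.Println("output is plaintext length plus 16-byte tag:", len(ct) == len("content")+16)
	_, err := openAEAD(key, nonce, ct, header)
	fmt.Println("matching associated data accepted:", err == nil)
	_, err = openAEAD(key, nonce, ct, []byte("constructed header: kid=other"))
	fmt.Println("altered associated data rejected:", err != nil)
	ct[0] ^= 1 // flip one ciphertext bit
	_, err = openAEAD(key, nonce, ct, header)
	fmt.Println("altered ciphertext rejected:", err != nil)
}
```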
