s/contents algorithm/contents, I think, but otherwise LGTM.

This is non-blocking, but I don't see a reason to include the AE definition in this document at all, but I'm happy to consider these issues addressed.
On Mon, Jun 15, 2020 at 10:31 AM Jim Schaad <[email protected]> wrote:

>
> -----Original Message-----
> From: Martin Duke via Datatracker <[email protected]>
> Sent: Tuesday, June 9, 2020 10:23 PM
> To: The IESG <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; Matthew Miller <[email protected]>;
> [email protected]
> Subject: Martin Duke's No Objection on draft-ietf-cose-rfc8152bis-algs-09:
> (with COMMENT)
>
> Martin Duke has entered the following ballot position for
> draft-ietf-cose-rfc8152bis-algs-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> As everyone else has pointed out, the header needs to be fixed to indicate
> this is Informational, not Standards Track.
>
> Section 1.
> s/messages transport/message transport
> s/of the Javascript/of Javascript
> [JLS] Done.
>
> Sec 1.3
> In the definitions of “AE” and “AEAD”, I don’t understand the functional
> difference between authentication of “plaintext contents” (AE) and
> authentication of “non-encrypted data” (AEAD). AFAICT AE isn’t actually
> used in the document, so it might be easiest to simply delete it.
> [JLS] I have updated the text to read as follows, does that make it
> clearer?
>
> Authenticated Encryption (AE) <xref target="RFC5116"/> algorithms are
> encryption algorithms that provide an authentication check of the contents
> algorithm with the encryption service. An example of an AE algorithm used
> in COSE is AES Key Wrap <xref target="RFC3394"/>. These algorithms are
> used for key encryption algorithms, but AEAD algorithms would be preferred.
>
> Authenticated Encryption with Associated Data (AEAD) <xref
> target="RFC5116"/> algorithms provide the same authentication service of
> the content as AE algorithms do. They also allow for associated data to
> be included in the authentication service, but which is not part of the
> encrypted body. An example of an AEAD algorithm used in COSE is AES-GCM
> <xref target="RFC5116"/>. These algorithms are used for content
> encryption and can be used for key encryption as well.
>
>
> Sec 1.5. Replace the URL with a reference.
> [JLS] Fixed.
>
> I actually read this whole document but got pretty lost by the end, not
> being an expert in this area.
>
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
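
The AE/AEAD distinction discussed in the thread above, as an added example that is not part of the original messages or of the draft: it shows that associated data is authenticated without being part of the encrypted body. The names `newGCM`, `Seal` and `TamperDetected`, the key and the header strings are constructed for illustration, and AES-GCM with no associated data stands in for a contents-only (AE-style) use, whereas the quoted text's own AE example is AES Key Wrap.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-GCM, the AEAD algorithm named in the quoted text.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal authenticates plaintext plus aad; only plaintext ends up in body.
func Seal(gcm cipher.AEAD, plaintext, aad []byte) (nonce, body []byte, err error) {
	nonce = make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// TamperDetected reports whether a cleartext header altered after sealing makes
// decryption fail. bindHeader=true supplies the header as associated data.
func TamperDetected(bindHeader bool) (bool, error) {
	gcm, err := newGCM(bytes.Repeat([]byte{0x42}, 16)) // constructed sample key
	if err != nil {
		return false, err
	}
	sent, altered := []byte("sample-header: v1"), []byte("sample-header: v2")
	var aadOut, aadIn []byte // nil: contents-only authentication
	if bindHeader {
		aadOut, aadIn = sent, altered
	}
	nonce, body, err := Seal(gcm, []byte("content"), aadOut)
	if err != nil {
		return false, err
	}
	_, err = gcm.Open(nil, nonce, body, aadIn)
	return err != nil, nil
}

func main() { fmt.Println(TamperDetected(false)); fmt.Println(TamperDetected(true)) }
```

With the header left out of the authentication service the altered header goes unnoticed by decryption; passed as associated data, the same change causes `Open` to fail, while the body length stays plaintext plus tag in both cases.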
