Roman Danyliw has entered the following ballot position for draft-ietf-cose-x509-07: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-x509/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 2. Where is the uri (CCDL) syntax/format/data type (used by x5u and x5u-sender) defined? Is this covered by CBOR tag=32?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I would like to recognize Jim Schaad’s tremendous contribution to the IETF as author, implementer, mentor and leader.

Thank you to Charlie Kaufman for the SECDIR review. This review proposes and poses a few places where clarifying text would be helpful. Please respond to it.

** Section 1. Per the github pointer with examples:

-- please add this url as a reference, not an inline url

-- which exact set of references are relevant to this draft? It isn’t clear how this collection of examples applies.

** Section 2. Recommend precision on the string vs. integer algorithm identifier.

OLD
The first element is an algorithm identifier which is an integer or a string containing the hash algorithm identifier. The algorithm is registered in the "COSE Algorithms" registry

NEW
The first element is an algorithm identifier which is an integer or a string containing the hash algorithm identifier corresponding to either the Value (integer) or Name (string) column of the algorithm registered in the "COSE Algorithms" registry.

** Table 1. To line up with the column names of COSE Headers Parameters registry with this table, s/Type/Value Type/

** Section 5. Recommend pointing to Section 7 of RFC3986 to cover security considerations of URI.

** Section 5. Per “On the other hand, an oracle can potentially be built based on detecting the network resources which is only done if the signature validation passes.”, I didn’t follow what this means.

** Editorial Nits

-- Section 1. Editorial. Multiple typos.

OLD
In the process of writing [RFC8152] the working group discussed X.509 certificates [RFC5280] ad decided that no use cases wher prestented that showed a need to support certificates

NEW
In the process of writing [RFC8152], the working group discussed X.509 certificates [RFC5280] and found that that no use cases were presented that showed a need to support certificates

-- Section 1. Editorial.

OLD
for example, in the 6TiSCH environment [I-D.richardson-enrollment-roadmap], describes a device enrollment solution that relies on the presence in the device of a factory-installed certificate.

NEW
for example, in the 6TiSCH environment, [I-D.richardson-enrollment-roadmap] describes a device enrollment solution that relies on the presence of a factory-installed certificate on the device.

-- Section 2. Editorial. s/be configured use a/be configured to us a/

-- Section 2. There appears to be a missing transition from describing x5u and Table 1 which applies to all the preceding text.
