Göran Selander wrote:
> It isn't clear to me when to follow the guidance in [1] and when to
> make an exception. Just because there is one exception doesn't seem
> like reason enough to register bespoke bundlings.
Perhaps the WG needs to better understand the request in order to think about
whether or not you should grant an exception.
I guess that the request includes a bundling of things.
Perhaps the requestor just believes that they must do that, but didn't intend
to create an exception?
> There are different principles in action here. Security is one, where a
> bundling is made to ensure suitable combinations. Structure and
> economy of code points seems to be another, where it may become an
> issue managing the numbers if every potential bundling of parameters
> can get a unique assignment.
Agreed.
> 2. Another point relates to how specifications use COSE code
> points. For example, [1] recommends the use of deterministic ECDSA. If
> that is not used, is that reason to register another ECDSA code point?
Yes, but not necessarily a short one :-)
> Or, if the cofactor of the curve is not equal to 1, is that reason to
> register another ECDSA code point? In other words, to what extent is
> the IANA number registration bundled with certain properties for which
> there is no register?
> An alternative to make new assignments is that the referencing document
> re-uses existing code points and specifies how they are used, including
> why and how deviations are made from the math or the recommendations.
That would seem to lead to interoperability issues, and also complexity for
those creating reuseable libraries.
> 3. ECDH-EE is not specified in [1], whereas ECDH-ES and ECDH-SS are
> carefully distinguished in the registries. I would be hesitant to
> register ECDH-EE algorithms without any supporting specification
> describing how it is expected to be used in general. What does the WG
> think?
I think that the use case needs to be clear.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
