Thanks Michael,

Case in point: 
https://mailarchive.ietf.org/arch/msg/cose/3YfGTnI8fdJwl4fS_OFw2AFxXNE/

Göran

On 2021-01-28, 14:50, "Michael Richardson" <[email protected]> wrote:


    Göran Selander wrote:
        > It isn't clear to me when to follow the guidance in [1] and when to
        > make an exception. Just because there is one exception doesn't seem
        > like reason enough to register bespoke bundlings.

    Perhaps the WG needs to better understand the request in order to think 
about
    whether or not you should grant an exception.
    I guess that the request includes a bundling of things.
    Perhaps the requestor just believes that they must do that, but didn't 
intend
    to create an exception?

        > There are different principles in action here. Security is one, where 
a
        > bundling is made to ensure suitable combinations.  Structure and
        > economy of code points seems to be another, where it may become an
        > issue managing the numbers if every potential bundling of parameters
        > can get a unique assignment.

    Agreed.

        > 2. Another point relates to how specifications use COSE code
        > points. For example, [1] recommends the use of deterministic ECDSA. If
        > that is not used, is that reason to register another ECDSA code point?

    Yes, but not necessarily a short one :-)

        > Or, if the cofactor of the curve is not equal to 1, is that reason to
        > register another ECDSA code point? In other words, to what extent is
        > the IANA number registration bundled with certain properties for which
        > there is no register?

        > An alternative to make new assignments is that the referencing 
document
        > re-uses existing code points and specifies how they are used, 
including
        > why and how deviations are made from the math or the recommendations.

    That would seem to lead to interoperability issues, and also complexity for
    those creating reuseable libraries.

        > 3. ECDH-EE is not specified in [1], whereas ECDH-ES and ECDH-SS are
        > carefully distinguished in the registries. I would be hesitant to
        > register ECDH-EE algorithms without any supporting specification
        > describing how it is expected to be used in general. What does the WG
        > think?

    I think that the use case needs to be clear.


    --
    Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
               Sandelman Software Works Inc, Ottawa and Worldwide





_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to