Thanks Michael, Case in point: https://mailarchive.ietf.org/arch/msg/cose/3YfGTnI8fdJwl4fS_OFw2AFxXNE/
Göran On 2021-01-28, 14:50, "Michael Richardson" <[email protected]> wrote: Göran Selander wrote: > It isn't clear to me when to follow the guidance in [1] and when to > make an exception. Just because there is one exception doesn't seem > like reason enough to register bespoke bundlings. Perhaps the WG needs to better understand the request in order to think about whether or not you should grant an exception. I guess that the request includes a bundling of things. Perhaps the requestor just believes that they must do that, but didn't intend to create an exception? > There are different principles in action here. Security is one, where a > bundling is made to ensure suitable combinations. Structure and > economy of code points seems to be another, where it may become an > issue managing the numbers if every potential bundling of parameters > can get a unique assignment. Agreed. > 2. Another point relates to how specifications use COSE code > points. For example, [1] recommends the use of deterministic ECDSA. If > that is not used, is that reason to register another ECDSA code point? Yes, but not necessarily a short one :-) > Or, if the cofactor of the curve is not equal to 1, is that reason to > register another ECDSA code point? In other words, to what extent is > the IANA number registration bundled with certain properties for which > there is no register? > An alternative to make new assignments is that the referencing document > re-uses existing code points and specifies how they are used, including > why and how deviations are made from the math or the recommendations. That would seem to lead to interoperability issues, and also complexity for those creating reuseable libraries. > 3. ECDH-EE is not specified in [1], whereas ECDH-ES and ECDH-SS are > carefully distinguished in the registries. I would be hesitant to > register ECDH-EE algorithms without any supporting specification > describing how it is expected to be used in general. What does the WG > think? I think that the use case needs to be clear. -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
