Roman: > -- The text of this document doesn't seem to explicitly say what section of > RFC8152 is being updated and in what way. The closest is the guidance of the > revised IANA table. Typically, an explicit statement would be made. Could > something to the effect of "The countersignature approach described in > Section 4.5 of RFC8152 is deprecated" be added somewhere.
Please provide some guidance on this one. This document defines a countersignature algorithm along with the needed header parameters and CBOR tags for COSE. As the document Introduction says: During the process of advancing COSE to an Internet Standard, it was noticed the description of the security properties of countersignatures was incorrect for the COSE_Sign1 structure. Since the security properties that were described, those of a true countersignature, were those that the working group desired, the decision was made to remove all of the countersignature text from [I-D.ietf-cose-rfc8152bis-struct] and create a new document to both deprecate the old countersignature algorithm and to define a new one with the desired security properties. draft-ietf-cose-rfc8152bis-struct-15 is in AUTH48. See https://www.rfc-editor.org/cluster_info.php?cid=C416 As best I can tell, this cluster is waiting for the COSE WG Chairs to approve for Jim Schaad. Assuming that happens soon, should this document now update the RFC that comes from draft-ietf-cose-rfc8152bis-struct-15? If so, then a small rewording to the above paragraph to: During the process of advancing COSE to Internet Standard, it was noticed the description of the security properties of countersignatures was incorrect for the COSE_Sign1 structure. Since the security properties that were described, those of a true countersignature, were those that the working group desired, the decision was made to remove all of the countersignature text from [I-D.ietf-cose-rfc8152bis-struct]. This document defines a new countersignature with the desired security properties. Note that [I-D.ietf-cose-rfc8152bis-struct] obsoletes RFC 8152. If you agree, then this document will update the RFC that comes from draft-ietf-cose-rfc8152bis-struct-15, not RFC 8152. Russ
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
