Robert Wilton has entered the following ballot position for draft-ietf-cose-countersign-09: Yes
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-countersign/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Russ, I would like to say thank you for shepherding this document through the IETF process on Jim's behalf. Minor level comments: (2) p 4, sec 2. Countersignature Header Parameters following structures: COSE_Sign1, COSE_Signature, COSE_Encrypt, COSE_recipient, COSE_Encrypt0, COSE_Mac, and COSE_Mac0. It wasn't intuitive to me where these structures are defined. I found them in RFC 8152, but perhaps it would be clearer if the document terminology explicitly referenced them? (3) p 5, sec 2. Countersignature Header Parameters every map; header parameters required in specific maps are discussed above. It's not clear to me what this sentence is referring to, i.e., where parameters are specified as actually being required. (4) p 9, sec 3.3. Signing and Verification Process 3. Call the signature verification algorithm passing in K (the key to verify with), alg (the algorithm used sign with), ToBeSigned (the value to sign), and sig (the signature to be verified). This may be a daft question, but is the signature to be verified the "COSE_Countersignature[0] structure, or the "signature" field contained within it? I presume the latter, will this be obvious to readers? Nit level comments: (5) p 7, sec 3.1. Full Countersignatures term archiving services. More information on how countersignatures is used can be found in the evidence record syntax described in s/is used/are used/ (6) p 7, sec 3.1. Full Countersignatures COSE_Countersignature_Tagged = #6.9999(COSE_Countersignature) COSE_Countersignature = COSE_Signature Am I right to presume that #6.9999 is a temporary value to replaced with CBOR TBD0, perhaps worth flagging this to the RFC editor so that it doesn't get missed during the editing process? (7) p 12, sec 7.1. Author's Versions * Languages: There are three different languages that are currently supported: Java and C#. Should that be two languages, or are you missing one? (8) p 12, sec 7.1. Author's Versions * Coverage: Both implementations can produce and consume both the old and new countersignatures. Both implies two, but the beginning of section 7.1. states 3 implementations. _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
