Re: [COSE] WGLC of draft-ietf-cose-aes-ctr-and-cbc

Tue, 17 Jan 2023 19:29:18 -0800 

Hello,

Here’s a few comments that are primarily about wording and presentation.  The 
actual protocol bits defined here seems ready to me.

1) Section 3
There are two sentences that say "NIST has defined xxx modes of operation for 
use with AES...”  One of them could be removed.

2) Section 4
If it were me, I’d move / remove many of the paragraphs in section 4 to 
security considerations. For example the stuff about re-using IVs, how easy it 
is to use incorrectly and discussing about forging. My preference would be that 
section 4 only describe bytes on the wire, protocol and operations. 

3) Section 4.1
While the title is Alg IDs, much of this section is about COSE_Keys. Maybe 
split it into two, one on Alg IDs and one on COSE_Keys.

4) Section 4.1
A paragraph in 4.1 discusses catching an error were AAD is supplied expecting 
it to be authenticated. That should probably not be in the section on Alg IDs.  
If it were me, I’d move it to security considerations, but it could elsewhere 
too.

5) Section 5
Similarly, if it were me, I’d put the move / remove stuff about fresh keys and 
non-providing of integrity to security considerations.

LL






> On Jan 17, 2023, at 2:39 PM, Mike Jones 
> <[email protected]> wrote:
> 
> Dear all,
>  
> This message starts the Working Group Last Call of 
> draft-ietf-cose-aes-ctr-and-cbc 
> –https://datatracker.ietf.org/doc/html/draft-ietf-cose-aes-ctr-and-cbc 
> <https://datatracker.ietf.org/doc/html/draft-ietf-cose-aes-ctr-and-cbc> .
>  
> The working group last call will run for two weeks, ending on Tuesday, 
> January 31, 2023.
>  
> Please review and send any comments or feedback to the working group.  Even 
> if your feedback is "this is ready", please let us know.
>  
>                                                        Thank you,
>                                                        -- Mike and Ivaylo, 
> COSE Chairs
>  
> _______________________________________________
> COSE mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/cose 
> <https://www.ietf.org/mailman/listinfo/cose>

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to