Thanks for your review, Ivo. Tobias and I have published
https://www.ietf.org/archive/id/draft-ietf-cose-cwt-claims-in-headers-04.html
to address your suggestions 1 and 2.
Suggestion 3 on the PDF formatting is something that we could likely use help
from the RFC Editor on, when we get to that point. (Unless someone else in the
working group has a suggestion before that.)
Best wishes,
-- Mike
From: COSE <[email protected]> On Behalf Of Ivaylo Petrov
Sent: Thursday, April 6, 2023 1:15 PM
To: Tobias Looker <[email protected]>; Mike Jones
<[email protected]>
Cc: cose <[email protected]>
Subject: [COSE] individual review draft-ietf-cose-cwt-claims-in-headers-03
Hi,
I reviewed draft-ietf-cose-cwt-claims-in-headers-03 as an individual. Please
find my comments below.
Issues:
1. Please add the normal terminology section in sec 2 (example [1]).
2. I think it will make sense to add something more to the security
considerations - for example something along the lines of `also read the CWT
security considerations` and/or `it is the responsibility of the application to
ensure that only claims that are safe to be transmitted in an unencrypted
manner are replicated in CWT claims`.
3. The PDF formatting is really suboptimal - see the header on p1 (I am not
sure if you can do anything about this, but mentioning it nevertheless).
Nits:
- in sec 5 /such as structure/such a structure/
- sec 5 again, the MUST verify seems more like SHOULD verify to me, but I don't
feel strongly about it.
With my chair hat on, with those issues handled, I don't see any obstacles to
sending WGLC for this document.
Best regards,
Ivaylo
[1]: https://www.rfc-editor.org/rfc/rfc9338.html#section-1.1
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
