Hi Warren. Much of the Security Considerations that are explaining why one needs to be careful with AES-CTR already appears in RFC 3686. Probably due to a common author ....
Russ > On May 17, 2023, at 3:38 PM, Warren Kumari via Datatracker <[email protected]> > wrote: > > Warren Kumari has entered the following ballot position for > draft-ietf-cose-aes-ctr-and-cbc-04: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-cose-aes-ctr-and-cbc/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for yet another well written document - I found it well written, > comprehensive and clear. > > My only note is that a fair bit of the Security Considerations feels like it > might work better in an Appendix, but this is truly just an editorial opinion. > I also think that much of the Security Considerations (basically everything > after the first paragraph) would make a good standalone document (not > necessarily an RFC, but published somewhere) > > > _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
