John Scudder has entered the following ballot position for draft-ietf-cose-aes-ctr-and-cbc-05: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-aes-ctr-and-cbc/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Michael B. Jones for the shepherd write-up, without which I would have been a little lost as to why we need this document. The context was helpful. I have just two small comments about the spec. First, in If an attacker is able to strip the authentication and integrity mechanism, then the attacker can replace it with their one of their own creation s/their one/one/ Second, there are two SHOULDs in Section 8. I am curious why they aren’t MUSTs. If SHOULD is the more appropriate choice, would it be possible to provide some commentary as to when it might be fine for an implementor to deviate? _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
