Ilari, Thank you for this feedback. Regarding "deterministic" encoding you are correct, this should reference Section 4.2.1 of RFC 8949.
For COSE layer numbering, I can't actually find a statement anywhere outside of Appendix B of RFC 9052 that indicates that the first layer is named "Layer 0" but I'm happy to follow the convention and update the draft. The content of Section 3.2 is intended to be overly explicit for users who are not familiar with the expansive possibilities available with COSE. This is supposed to be a narrow interoperability profiling, but using COSE will open the door to future capabilities like HPKE and future PQC algorithms. > -----Original Message----- > From: COSE <[email protected]> On Behalf Of Ilari Liusvaara > Sent: Saturday, June 17, 2023 2:45 AM > To: [email protected] > Subject: [EXT] Re: [COSE] Use of COSE in a new context > > APL external email warning: Verify sender [email protected] before > clicking links or attachments > > On Mon, Jun 12, 2023 at 06:59:55PM +0000, Sipos, Brian J. wrote: > > All, > > > > The DTN WG was in need of a security mechanism to allow using > > asymmetric key algorithms within Bundle Protocol [2] and BPSec [3], > > and has proposed using COSE messages for this purpose [1]. It's a > > helpful side effect that COSE provides a path to future algorithms, > > but for now we are focused on interoperation within preexisting PKI > > environments. The reason I'm writing is to get some feedback from the > > COSE WG about the profile of COSE that is proposed in Section 3 [1] > > and the way in which the "additional headers" are used and AAD is > constructed in Section 2. > > What does "deterministically encoded form of a CBOR sequence" mean? A > sequence where each element is using Core Deterministic Encoding from > RFC8949? > > Nitpick: The layer numbering in COSE starts from zero, not one. > > Otherwise looks pretty sensible from COSE PoV. > > And I get the feeling that section 3.2 could be written in a lot cleaner > way. > > > And hopefully spec defining use of HPKE in COSE will be out soon... > > > > [1] https://www.ietf.org/archive/id/draft-ietf-dtn-bpsec-cose-01.html > > > > > -Ilari > > _______________________________________________ > COSE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/cose
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
