On 2023-05-30, at 18:31, Michael Richardson <[email protected]> wrote: > > Signed PGP part > >> I just posted a mail to the TEEP list to motivate the publication of >> https://datatracker.ietf.org/doc/html/draft-isobe-cose-key-thumbprint. > > It looks like a great document. > It looks finished... adopt it and WGLC it already.
I also think that this will be great to have. I have one editorial comment: Why do I have to read the whole thing up to the last paragraph of the security considerations included, so that I can learn what the security objective was? For a new security primitive (or primitive that plays in the security space), the security objective(s) should be among the first couple of paragraphs of the introduction (and at least alluded to in the abstract). (The security considerations can then muse why or why not the security objective was attained. But putting up a package called “mush” in a supermarket alley and then having to read all of the fine print to find out whether it actually is meant for human consumption is not the right approach.) Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
