Hi Murray,
Thanks for taking the time to review the specification.
You raise an interesting question about protocol usage of the "typ" header
parameter. Strictly speaking, this spec is defining a data structure element.
But as Gunter Van de Velde points out, this BCP-like language in the Security
Considerations provides suggestions for usage:
"COSE applications employing explicit typing should reject COSE objects with a
type header parameter value different than values that they expect in that
application context. They should also reject COSE objects without a type header
parameter when one is expected."
The language goes to the core of what the header parameter is for, so I'm good
with it. But I'm open to suggestions that would clarify the intent further.
For what it's worth, there are multiple independent implementations of the
"typ" header parameter.
I'm not sure what you're referring to when you wrote "Then it gives only a
partial answer to the document status question."
Best wishes,
-- Mike
P.S. Changes resulting from the other two reviews are in
https://github.com/selfissued/draft-ietf-cose-typ-header-parameter/pull/10. I
plan to merge it and publish mid-day Wednesday US Pacific Time unless I hear
objections so that the new draft is ready for Thursday's IESG telechat.
-----Original Message-----
From: Murray Kucherawy via Datatracker <[email protected]>
Sent: Sunday, March 31, 2024 7:27 PM
To: The IESG <[email protected]>
Cc: [email protected]; [email protected];
[email protected]; [email protected]
Subject: Murray Kucherawy's No Objection on
draft-ietf-cose-typ-header-parameter-04: (with COMMENT)
Murray Kucherawy has entered the following ballot position for
draft-ietf-cose-typ-header-parameter-04: No Objection
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-typ-header-parameter/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
The shepherd writeup says "This is not a protocol document", yet it registers a
header parameter used in a protocol. Then it gives only a partial answer to
the document status question. I'm confused.
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
