Warren Kumari has entered the following ballot position for draft-ietf-cose-key-thumbprint-05: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I agree with Eric Vyncke's comments. Also, much thanks to Joel Jaeggli for his OpsDir review: https://datatracker.ietf.org/doc/review-ietf-cose-key-thumbprint-04-opsdir-lc-jaeggli-2024-04-14/ In addition, I have some nits: 1: I found "The resulting value is the COSE Key Thumbprint with H of the COSE Key." to be very difficult to parse -- perhaps you can drop "with H of the COSE Key."? Actually, I'm not entirely sure what the sentence is trying to convey, other than that the result is the thumbprint... I'm also not sure if the first sentence in the security considerations section is strictly true: 7. Security Considerations A COSE Key Thumbprint will only uniquely identify a particular key if a single unambiguous COSE Key representation for that key is defined and used when computing the COSE Key Thumbprint. The implication of "only *uniquely* identify a particular key" makes it sound like if you used some other representation, then you might identify some other key (which, I *guess* might be true if the other representation didn't include the key :-)). Is "correctly" perhaps a better word than "uniquely"? Or have I completely misunderstood? _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
