Hi Russ, Thank you for your comments.
I have started to apply them here: https://github.com/cose-wg/draft-ietf-cose-dilithium/pull/14 On Wed, Nov 20, 2024 at 2:41 PM Russ Housley <[email protected]> wrote: > I have a few comments. > > Abstract: I suggest that Dilithium be dropped here. In a couple of years, > COSE and JOSE implementers will not care about the history of ML-DSA. > Also, the Abstract should not include references. I suggest: > > This document describes JSON Object Signing and Encryption (JOSE) and > CBOR Object Signing and Encryption (COSE) serializations for Module- > Lattice-Based Digital Signature Standard (ML-DSA), a Post-Quantum > Cryptography (PQC) digital signature scheme defined in FIPS 204. > > I took your suggestion. > Introduction: Why is the second sentence observing that the thumbprint can > be used with other algorithms? Shouldn't the document related to those > algorithms handle that topic? > I tried to clarify this with restructuring. The AKP key type, and its thumbprint computation are generic, and can be used with any COSE or JOSE key that has "pub", and "alg". This is similar to how the Ed25519 and Ed448 keys both use OKP, and compute thumbprints the same way. Instead of keeping the reference to SLH-DSA or adding a reference to HPKE ( https://datatracker.ietf.org/doc/html/draft-reddy-cose-jose-pqc-hybrid-hpke-06#section-5.1 ) I ended up removing the reference and adding some explanatory text. > Section 4: Figure 1 and Figure 2 both need to explanatory text. > Done, although it's debatable if what I wrote is enough. > > Section 5: Why is the last sentence needed? > > The AKP Key Type MAY be used with algorithms not defined in this specification, and those algorithms MAY encode their private keys differently. I removed this sentence, but the reason it was there is related to your comment which I addressed regarding the introduction. > > Russ > > > On Nov 19, 2024, at 11:47 AM, Michael Jones <[email protected]> > wrote: > > Hi all, > > This message starts the Working Group Last Call (WGLC) for > https://www.ietf.org/archive/id/draft-ietf-cose-dilithium-04.html (ML-DSA > for JOSE and COSE), as was discussed at IETF 121 in Dublin. The WGLC will > run for two weeks, ending on Tuesday, December 3, 2024. > > Please review and send any comments or feedback to the working group. > Even if your feedback is “this is ready for publication”, please let us > know. > > Thank you, > -- Mike and Ivaylo, COSE > Chairs > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
