Hi, As Designated Expert for the COSE Header Parameters registry, we were asked by IANA to review the early allocation request made by cose and draft-ietf-cose-merkle-tree-proofs-10. I have a couple of issues with it, hopefully easily solvable. At the same time I have some non-IANA related comments from reading through the document which I figured I’ll send as well, I hope that helps.
CC IANA and Carsten as the other expert. Francesca IANA specific review: Section 4.3: I am not sure that the "informative CDDL" (which coincidentally I am not sure what that means really - I guess it's supposed to be an example? How is the CDDL informative?) is correct. It seems that what you want to say is that COSE Receipts is a tagged COSE_Sign1 that MUST contain both the vds and proofs parameters. I sort of understood that from the description above and the example, but I don't see that written down as a requirement anywhere (let me know if I missed it). Also, by looking at the EDN, I see that "receipts" is an array of serialized (using COSE terminology) tagged COSE_Sign1, which does not seem consistent with the CDDL above (where 'Receipt' is not serialized). I think it is important to fix/clarify what exactly "receipts" is, before the IANA registration goes through, to make sure the parameter is well defined. Section 5.2.1: By reading further in, I see that requirements about what parameters are present in the COSE_Sign1 is defined here, for this specific VDS. However I still think you need a more specific definition for COSE Receipts, so my comment above still stands. Section 8.1: As Carsten mentioned, the "Value Registry" is wrong. I agree with him, it should be empty for receipts, "COSE Verifiable Data Structures" registry for vds and "COSE Verifiable Data Structure Proofs" registry for vdp. However, for vdp I would even go further and say that it should say "map key in COSE Verifiable Data Structure Proofs registry", because it's not the value that is taken from the registry, but its map keys' values (analogous to COSE Header parameter 15, CWT claims). General/Nits: Why is this document referencing both RFC 7049 and 8949 instead of only 8949? Section 2: > Correspondingly, this document introduces a new verifiable data structure > registry that registers the integers used to identify verifiable data > structures. It would be good to do a fw reference to that registry here. > Correspondingly, this document introduces a new verifiable data structure > proof registry that registers the integers used to identify verifiable data > structure proof types. Same here Section 2: > The other codepoints in this document are assigned from the registries > established in this draft, they are therefore not marked TBD. I assume you'll remove this sentence before publication. Section 8.2: > IANA established the COSE Verifiable Data Structures and COSE Verifiable Data > Structure Parameters Registries under a Specification Required policy as > described in [RFC8126]. I assume a typo, s/Parameters/Proofs
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
