HI Med, Thanks very much for the review.
On Thu, 24 Apr 2025 at 12:05, Mohamed Boucadair via Datatracker <[email protected]> wrote: > Hi Henk, Thomas, and Maik, > > Thank you for the effort put into this specification. > > Thanks to Yingzhen Qu for the OPSDIR review. > > The spec is straightforward. There are some guidelines when manipulating > timestamps (e.g., rfc8877), but I don’t think those apply here. > > I trust the authors have validated all the examples. I hope so, all the examples are automatically generated :-) > Please find below some few comments: > > # Hash details: can we have an authoritative reference to zoom more about how > the hash is computed/validated? > > CURRENT: > The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be > the hash of the payload of the COSE signed object. I see the mild ambiguity here. I believe we can make it more crisp by adding "field" as follows: NEW: The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be the hash of the "payload" field of the COSE signed object. (Tracking issue: https://github.com/ietf-scitt/draft-birkholz-cose-tsa-tst-header-parameter/issues/50) > # Add a normative reference to RFC 8792 as that is required for unfolding > > # The use of folding is not consistent > > For example, this is not used in 3.2.1, while it is used in other examples. > > # Check/fix some uses of folding in the last example, in particular: > > CURRENT: > / signature / h'8eb33e4ca31d1c465ab05aac34cc6b23d58fef5c083106c4 > d25a91aef0b0117e2af9a291aa32e14ab834dc56ed2a223444547e01f11d3b0916e5 > a4c345cacb36' We use Carsten's ::include-fold systematically. It's just awesome. The inconsistency in the examples in A.1 and A.2 using RFC 8792 line wrapping becomes apparent because these two files contain long lines, whereas the others do not. We can fix this simply by using fold(1) before saving the output of the script here [1]. This would also remove the need to reference RFC 8792. In any case, since we will need to recompute the examples when IANA assigns the codepoints, we will address this issue at that time. (Tracking issue: https://github.com/ietf-scitt/draft-birkholz-cose-tsa-tst-header-parameter/issues/49) cheers! [1] https://github.com/ietf-scitt/draft-birkholz-cose-tsa-tst-header-parameter/blob/fa50771988841a32581dc1f1fde8e6ca8a7632ea/example/ctt/create-example.sh#L46 _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
