Deb Cooley has entered the following ballot position for draft-ietf-cose-tsa-tst-header-parameter-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-cose-tsa-tst-header-parameter/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Two items:

I agree with Stefan Santesson's review:
https://mailarchive.ietf.org/arch/msg/secdir/yiKmZx9ivRJZfUdj5g8W1HPB5xM/
(many thanks for that secdir review)

Section 5: These types of systems rely on accurate time, and prompt
reporting of compromised keys. STD96 discusses the necessity of keeping
private keys private, but does not discuss the prompt reporting when those
keys are disclosed. I think two short warnings (one on the necessity for
the accuracy of time, and one on the prompt reporting of compromised keys)
would be useful for someone using/implementing this document. (I'm happy
to help with the words for these two warnings)

_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
