Hello, I volunteered during IETF 124 to review draft-lundberg-cose-two-party-signing-algs-04 (draft-lundberg-cose-two-party-signing-algs-04 - Split signing algorithms for COSE<https://datatracker.ietf.org/doc/draft-lundberg-cose-two-party-signing-algs/04/>).
I found the draft well-motivated and, in my opinion, it clearly addresses a real need of providing COSE algorithm identifiers for split signing between a digester and a signer. The draft also appears clear and well structured to me. I would thus support its adoption and progression within the Working Group. I just have a few comments and questions for clarification, but no major objection. Section 2 - The draft states: "The algorithm identifiers defined in this specification [...] SHOULD NOT appear in COSE structures consumed by signature verifiers". However, the draft also registers in the IANA section some "non-split" algorithms as part of the split signing context (like Ed25519ph), which is the algorithm used by a signature verifier. - I think I would've appreciated some words on how the digest is supposed to be transmitted from digester to signer, either by saying it is out of scope for this specification or if the draft intends to provide guidance on how the digest should be transported. - You write: "For signing algorithms that format the message to insert domain separation tags, [...] this message formatting is also performed by the signer." But if a piece of contextual data (like a domain separation tag, a randomizer, ...) must be incorporated into the message digest calculation, the digester must be the party responsible for handling and including this data before generating the digest. Section 4 - It might be useful to add a sentence to the Security Considerations regarding what a verifier should do if they do encounter some split signing algorithm identifiers in a final COSE structure? - Similarly, what should the signer do if it receives a non-split alg identifier (for example Ed25519ph instead of Ed25519ph-split?) in the internal protocol? Nits - Section 6 : "ESP381-split" -> "ESP384-split" Thanks to the authors for their work, Best regards, Lucas
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
