All, Thank you for the initial review feedback. I intend to update a draft based on this feedback and a slight change of scope to include code points for truncated MAC tags.
One of Russ's comments about phrasing brings up a good distinction that I think comes up elsewhere in COSE discussions: the difference between "algorithm" in the COSE sense meaning a specific code point (and, per RFC 9864, one that is "fully specified") versus the term "algorithm" in many other contexts such as the NIST documentation where it really refers to a complete parameterized "algorithm family" though I think that term is less common and probably more vague (e.g. is CMAC the family or is AES-CMAC the family?). I do want to be careful to use "algorithm" here only in the COSE sense, but I found this distinction initially somewhat confusing when coming into the COSE environment because there are still some cases of using the term algorithm more colloquially and not in the sense of "a single COSE algorithm registry code point." Thanks again, Brian S. On Thu, Mar 19, 2026 at 11:06 PM Russ Housley <[email protected]> wrote: > During the COSE session at IETF 125, I agreed to review this draft. > > In my view, the document is ready for COSE WG adoption. > > I also offer some suggested improvements below. > > CONCERN: > > In Section 1, the document says that there are "no extra parameters > (_e.g._, key length or tag length)", but Section 2 says "The parameters > associated with AES-CMAC are: key length and tag length." This feels like > a contradiction. I think that it would be better to re-write Section 1 to > say that key length and tag length are the only parameters. > > Section 2, para 3 begins with "This document restricts the allocated code > points...". I think it would be better to say that this document registers > the two parameter sets as shown in Table 1. This allows some other > document to add additional code point in the future if there is a need as > stated in the last sentence of the paragraoh. The word "restricts" is > concerning to me. > > NITS: > > Section 1.1: The first sentence needs to be broken into multiple sentences > or include at least one semi-colon. > > Section 1.1: The second paragraph is not a "scope" statement. If you want > to keep it, move it to Section 1. > > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
