I guess it is up to you. Personally, I like the idea of the verify description including some reference to how one actually does verify. I will leave it to the authors and WG to decide what degree of clarity is called for here.


On 2/23/18 9:30 AM, Göran Selander wrote:
Hi Joel,

Thanks for quick feedback, inline.

On 2018-02-23 14:59, "Joel M. Halpern" <j...@joelhalpern.com> wrote:

In terms of my concerns, if Step 7 said "Verify and Decrypt the COSE
object using the Recipient Key as per RFC 5116 Section 2.2" that would
fill in the confusion for this reader.

Since the AEAD is used throughout the draft, in particular in other parts
of this section I’m thinking that maybe we should add RFC 5116 to the list
of specifications following "Readers are expected to be familiar with” in
Section 1.1. Would that address your comment?



On 2/23/18 5:26 AM, Göran Selander wrote:
Hi Joel,

Thanks for your review. Comments inline.

On 2018-02-22 04:51, "Joel Halpern" <j...@joelhalpern.com> wrote:

Reviewer: Joel Halpern
Review result: Ready with Nits

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-core-object-security-08
Reviewer: Joel Halpern
Review Date: 2018-02-21
IETF LC End Date: 2018-03-02
IESG Telechat date: 2018-03-08

Summary: This document is ready for publication as a Proposed Standard

Major issues: N/A

Minor issues:
     In section 8.2 on verifying the request, step 5 says to "compose"
     Additional Authentication Data.  I would have expected it to be
     the Additional Authentication Data.  I could imagine that the
     consists of composing what it should be, and then comparing with
     received.  But I do not see the comparison step.  is it implicit in
     other step?  This occurs again in 8.4, so I presume I am simply
     something.  This may suggest some clarification could be useful.

The AAD is indeed “composed" both on encrypting and decrypting side from
data which needs to be known to the endpoint at the time when the AEAD
operation is performed. The authenticated decryption process is


So the verification consists of feeding the input, including the AAD, to
the authenticated decryption which calculates the plain text or FAIL,
a failure may be - but is not necessarily - caused by wrong AAD.

The AD review also indicated that we should move the reference to RFC
to an early section in the draft and that change is already included in
the latest version on the CoRE WG Github.

Best regards

Gen-art mailing list

Reply via email to