On Wed, Feb 28, 2024 at 09:44:00AM -0800, [email protected] wrote: > Internet-Draft draft-ietf-jose-fully-specified-algorithms-01.txt is now > available. It is a work item of the Javascript Object Signing and Encryption > (JOSE) WG of the IETF. > > Title: Fully-Specified Algorithms for JOSE and COSE > Authors: Michael B. Jones > Orie Steele > Name: draft-ietf-jose-fully-specified-algorithms-01.txt > Pages: 12 > Dates: 2024-02-28
Some comments that still look relevant: 1) The encryption case seems like it would be difficult and delay the document by a lot. There have been requests to get this done quick, so I think that should be punted on. 2) Abstract: I don't think the current encryption stuff is fully specified (the behavior of algorithms does depend on the key), so statements about new identifiers need to be qualified to only apply to signatures. 3) Section 3.3.*: For the same reasons as above, the instructions need to be qualified to only apply to signatures. 4) Section 6.3: I don't think anything in COSE or JOSE currently uses KEMs. And the requirement for single KDF goes beyond what fully specified means. 5) I think that all the non-encryption stuff might stand (double-)WGLC. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
