Hi Diego, authors, These are roughly the comments that I raised at the mic line in OPSAWG, but I have only given this document a light review, so some of these may have already been answered in the draft:
1. You have chosen to do the normalisation over the instance data but still represented as a JSON or XML document. I was wondering whether there should be an abstract normalisation of YANG instance data and an algorithm to generate a COSE signature based on that abstract structure rather than tying it to the encoding. 2. An alternative could be to sign the data as an opaque stream of bytes, without any normalisation first. Although I guess the means that you lose the provenance if you restructure the data into a different form. 3. Similar to what Thomas mentioned, for a JSON encoding you are technically allowed to return the elements in a list/container in any order. Your normalisation would naturally put tighter constraints on how that data is structured, this may be okay, but is worth being aware of, and probably explicitly pulling those out. 4. In the Yang Push header your provenance leaf is before the data, but I think that it should probably be after the data (or as Thomas said, it should be flexible as to where it contained). That potentially allows implementations to write a signature after the data has been processed rather than caching the structure in memory first. Kind regards, Rob Cisco Confidential
_______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
