Hi, Ludwig. Having had another look at section 3.1 of draft-ietf-ace-cwt-proof-of-possession, technically the rules about which keys have to be present are not part of the syntax of the cnf claim. The point can be covered by changing '"syntax of the 'cnf' claim" to "syntax and semantics of the 'cnf' claim" in each case. However, the second look threw up another point: Figure 2 in s3.2 gives a Symetric key example - I think this should use an Encrypted_COSE_Key (or Encrypted_COSE_Key0) as described in section 3.3 of draft-ietf-ace-cwt-proof-of-possession. Otherwise I think we are done. Eventually we will get to Christmas! Cheers, Elwyn Sent from Samsung tablet. -------- Original message -------- From: Ludwig Seitz <ludwig_seitz@xxxxxx> Date: 22/12/2019 12:36 (GMT+00:00) To: Elwyn Davies <elwynd@xxxxxxxxxxxxxx>, gen-art@xxxxxxxx Cc: last-call@xxxxxxxx, draft-ietf-ace-oauth-params.all@xxxxxxxx, ace@xxxxxxxx Subject: Re: [Gen-art] [Ace] Genart last call review of
draft-ietf-ace-oauth-params-06 I have now submitted -09 to fix the minor issues and nits, which I forgot in my -08. Comments inline. Regards, Ludwig On 2019-12-14 23:46, Elwyn Davies via Datatracker wrote: <deleted> > s3.1: The text in s3.2 of draft-ietf-ace-cwt-proof-of-possession-03 contans > the following > > The COSE_Key MUST contain the required key members for a COSE_Key of that > key type and MAY contain other COSE_Key members, including the "kid" (Key > ID) member. > > The "COSE_Key" member MAY also be used for a COSE_Key representing a > symmetric key, provided that the CWT is encrypted so that the key is not > revealed to unintended parties. The means of encrypting a CWT is explained > in [RFC8392]. If the CWT is not encrypted, the symmetric key MUST be > encrypted as described in Section 3.3. > > These riders probably apply to all the subsectons of s3 and to s4.1 and could > be included in the currently empty main section text. > Here I disagree. The text explicitly refers to draft-ietf-ace-cwt-proof-of-possession, saying that the contents of the 'cnf', 'req_cnf' and 'rs_cnf' parameters use the syntax of the 'cnf' claim from section 3.1 of draft-ietf-ace-cwt-proof-of-possession. The requirements in section 3.2 draft-ietf-ace-cwt-proof-of-possession follow from the use of the definitions in 3.1. I don't see the value of reiterating such a long text from that document here, when an explicit reference is already given. _______________________________________________ Gen-art mailing list Gen-art@xxxxxxxx https://www.ietf.org/mailman/listinfo/gen-art |
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
