Sent from Samsung tablet. -------- Original message -------- From: Ludwig Seitz <ludwig_seitz@xxxxxx> Date: 07/01/2020 19:52 (GMT+00:00) To: elwynd <elwynd@xxxxxxxxxxxx>, gen-art@xxxxxxxx Cc: last-call@xxxxxxxx, draft-ietf-ace-oauth-params.all@xxxxxxxx, ace@xxxxxxxx Subject: Re: [Gen-art] [Ace] Genart last call review of
draft-ietf-ace-oauth-params-06 > Hi, Ludwig. > > Having had another look at section 3.1 of > draft-ietf-ace-cwt-proof-of-possession, technically the rules about > which keys have to be present are not part of the syntax of the cnf > claim. The point can be covered by changing '"syntax of the 'cnf' claim" > to "syntax and semantics of the 'cnf' claim" > in each case. > > However, the second look threw up another point: Figure 2 in s3.2 gives > a Symetric key example - I think this should use an Encrypted_COSE_Key > (or Encrypted_COSE_Key0) as described in section 3.3 of > draft-ietf-ace-cwt-proof-of-possession. > > Otherwise I think we are done. > > Eventually we will get to Christmas! > > Cheers, > Elwyn > > Hello Elwyn, I hope you had a merry Christmas and a happy new year's eve. I have updated the draft to -10, fixing the phrasing to your suggestion from the first paragraph above in various places (and an issue that came up during IANA review). Given my argument for not having the encrypted COSE_Key in figure 2 I left that part as it was. Please indicate whether this is acceptable with the given explanation. Regards, Ludwig Hi, Ludwig. Yes, we had a pleasant festive season - Hope yours was good also. The -10 draft looks good. Regarding the symmetric key in s3. 2/Figure 2, I think it would be worth adding a sentence to point out that one might have to use the encrypted form per proof-of-posession draft if the overall message was not encrypted (as in it is in the oauth usage). Cheers, Elwyn |
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call