Fully-Specified Algorithms for JOSE and COSE
draft-ietf-jose-fully-specified-algorithms-13

Yes

Deb Cooley

No Objection

Andy Newton
Erik Kline
Gunter Van de Velde
Jim Guichard
Ketan Talaulikar
Mahesh Jethanandani

Recuse

Orie Steele

Note: This ballot was opened for revision 07 and is now closed.

Deb Cooley
Yes
Paul Wouters
(was Discuss) Yes
Comment (2025-05-12) Sent
Thanks for addressing my concerns. I have updated my ballot to Yes.
Andy Newton
No Objection
Erik Kline
No Objection
Gorry Fairhurst
No Objection
Comment (2025-04-22 for -09) Sent
Thank you for preparing this I-D. I have reviewed this document, and have no transport-related concerns. 
I defer to others with security expertise to comment on the security properties of this specification.
Gunter Van de Velde
No Objection
Jim Guichard
No Objection
Ketan Talaulikar
No Objection
Mahesh Jethanandani
No Objection
Mike Bishop
No Objection
Comment (2025-05-07 for -11) Sent
What is the update to 8037? This specification notes the changes to 7518 and 9053, but doesn't state a change to 8037. (I suspect it's intended to be Section 5, but that defines behavior for the new algorithms in this document; it does not modify the algorithms specified in 8037.)

Why are the registered names for COSE not aligned with the ones that already exist for JOSE (e.g. ESP256 in COSE vs. ES256 in JOSE)? I assume this has to do with the fact that the currently registered polymorphic entry already has the name ES256, but then why not update the name for JOSE to align?

JOSE does not appear to have corresponding entries for Brainpool curves. Is there a reason to define them for COSE and not JOSE?

Minor nits:

- In the abstract, "Whereas" doesn't really add anything. Just start with "It".
- In Section 1, the exclamation mark seems unnecessary after "For instance, with EdDSA, it is not known which of the curves Ed25519 and/or Ed448 are supported!"
- In Sections 3.x, "This section discusses them." is unnecessary.
Mohamed Boucadair
(was Discuss) No Objection
Comment (2025-05-04 for -10) Sent
Hi Michael, 

Thanks for addressing the DISCUSS/COMMENTs raised in [1]. -10 Looks good to me.

Cheers,
Med

[1] https://mailarchive.ietf.org/arch/msg/jose/ffl9sA_mx-1maFr3EsOuAXoFQ2E/
Roman Danyliw
No Objection
Comment (2025-05-01 for -09) Not sent
Thank you Vijay Gurbani for the GENART review.

** From idnits:
  -- The draft header indicates that this document updates RFC9053, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC8037, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC8152, but the
     abstract doesn't seem to mention this, which it should.

  -- The draft header indicates that this document updates RFC7518, but the
     abstract doesn't seem to mention this, which it should.
Éric Vyncke
No Objection
Comment (2025-05-05 for -10) Sent
Thanks for the work done in this document. Just some non-blocking COMMENTs

# Abstract

The abstract should mention that some algorithms are deprecated.

# Section 2.1

s/The following fully-specified COSE ECDSA algorithms are defined/The following fully-specified COSE ECDSA algorithms are defined by this document/

Similar comment for section 2.2
Orie Steele
Recuse