Last Call Review of draft-ietf-cose-key-thumbprint-04
review-ietf-cose-key-thumbprint-04-genart-lc-knodel-2024-04-01-00
Request | Review of | draft-ietf-cose-key-thumbprint |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2024-04-02 | |
Requested | 2024-03-12 | |
Authors | Kohei Isobe , Hannes Tschofenig , Orie Steele | |
I-D last updated | 2024-04-01 | |
Completed reviews |
Genart Last Call review of -04
by Mallory Knodel
(diff)
Secdir Last Call review of -04 by Derrell Piper (diff) Artart Last Call review of -04 by Patrik Fältström (diff) Opsdir Last Call review of -04 by Joel Jaeggli (diff) |
|
Assignment | Reviewer | Mallory Knodel |
State | Completed | |
Request | Last Call review on draft-ietf-cose-key-thumbprint by General Area Review Team (Gen-ART) Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/gen-art/0Zp-YykWXAo9w9_gklWnhg2CVyc | |
Reviewed revision | 04 (document currently at 06) | |
Result | Ready w/issues | |
Completed | 2024-04-01 |
review-ietf-cose-key-thumbprint-04-genart-lc-knodel-2024-04-01-00
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-cose-key-thumbprint-?? Reviewer: Mallory Knodel Review Date: 2024-04-01 IETF LC End Date: 2024-04-02 IESG Telechat date: Not scheduled for a telechat Review Major The assumption that fingerprints are being used as a naming scheme comes up in the final sentence of the draft. Perhaps there are other uses but if this is the main one imagined by this draft then perhaps this could be treated gently in the introduction, along with some other usage ideas. Also in the Introduction: The summary should be clear that the hash is a fingerprint, at least such that the reader is clear that the terms are interchangeable. Minor 3. #1 Should reference section 4.0 5.3 The only prerequisites are that the COSE Key representation of the key be defined —> should followed versus defined be used? 5.4 COSE Key Thumbprint values are computed on the COSE Key element required to represent a key, rather than all members of a COSE Key that the key is represented in. — should values versus members be used? 5.5 the section title is multiple methods but the section treats only one? Text should clarify the use of “Approach” vs “case” for readability 5.5 cnf is not defined anywhere 5.6 I don’t know why we are not simply assuming interoperability and only specifying this. “To promote interoperability among implementations, the SHA-256 hash algorithm is mandatory to implement.” Furthermore shouldn’t there be a MUST? And lastly Section 7 repeats this phrase— should it be put elsewhere, perhaps in a more prominent place? 7. While thumbprint values are valuable for identifying legitimate keys, comparing thumbprint values is not a reliable means of excluding the use of particular keys (or transformations thereof) —> useful instead of valuable? Nits Section 3. #1 “what, if necessary, what the unique encoding is” has one too many whats. General: expand acronyms on first use