Last Call Review of draft-ietf-cose-tsa-tst-header-parameter-03
review-ietf-cose-tsa-tst-header-parameter-03-artart-lc-peng-2024-12-28-00

Request Review of draft-ietf-cose-tsa-tst-header-parameter
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team ART Area Review Team (artart)
Deadline 2025-01-13
Requested 2024-12-23
Authors Henk Birkholz, Thomas Fossati, Maik Riechert
I-D last updated 2024-12-28
Completed reviews Artart Last Call review of -03 by Shuping Peng
Opsdir Last Call review of -03 by Yingzhen Qu
Genart Last Call review of -03 by Linda Dunbar
Assignment Reviewer Shuping Peng
State Completed
Request Last Call review on draft-ietf-cose-tsa-tst-header-parameter by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/2D3gpY8oQDkg4gmdT9FLRMqLnvY
Reviewed revision 03 (document currently at 04)
Result Ready w/issues
Completed 2024-12-28
I am the assigned ART-ART reviewer for this draft.

Summary:

I have some minor concerns about this document that I think should be resolved
before publication.

Comments:

The 03 version has resolved the comments posted on the mailing list so far. The
IANA description is much clearer, two use cases are added, and the Security
Considerations section is significantly extended.

Major Issues:

 "No major issues found."

Minor Issues:

1. A COSE header parameter with two modes or two COSE header parameters for two
modes?

In the Abstract, it says "This document defines a CBOR Signing And Encrypted
(COSE) header parameter for ...". In Section 1, it says "This document defines
two new CBOR Object Signing and Encryption (COSE) [STD96] header parameters
that ..." In Section 3, it says "The two modes described in ... To clearly
separate their semantics two different COSE header parameters are defined as
described in the following subsections."

So is it about two COSE header parameters for two modes? Maybe simply changing
the wording in the Abstract?

2. Section 2.1
To compare through 2.1, 2.2, 3.1, and 3.2, would it be clearer to move the
following sentence to Section 3.1? "The message imprint sent to the TSA
(Section 2.4 of [RFC3161]) MUST be the hash of the payload field of the COSE
signed object."

3. Section 2.1, 3.2
To compare against RFC 3161 and the Figures, should "message imprint" be
"messageImprint"? s/message imprint/messageImprint

4. Section 3.1
The following sentence could be moved to the end of this sub-section, to
better align with the similar information in Section 3.2. "The 3161-ttc
protected header parameter contains a DER-encoded RFC3161 TimeStampToken
wrapped in a CBOR byte string (Major type 2)."

Nits:
6. IANA Considerations
In Table 1.
s/"3161-tcc"/"3161-ttc"