Last Call Review of draft-ietf-cose-typ-header-parameter-02
review-ietf-cose-typ-header-parameter-02-genart-lc-worley-2024-02-18-00

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document:  draft-ietf-cose-typ-header-parameter-02
Reviewer:  Dale R. Worley
Review Date:  2024-02-18
IETF LC End Date:  2024-02-26
IESG Telechat date:  [not known]

Summary:

    This draft is basically ready for publication, but has nits that
    should be fixed before publication.

Nits/editorial comments:

Abstract

This would be clearer if the first uses of "COSE" and "JOSE" were
expanded.  (https://www.rfc-editor.org/materials/abbrev.expansion.txt
does not mark either as "well-known".)

1.  Introduction

   The security benefits of having typ
   (type) are described in the JSON Web Token Best Current Practices
   [RFC8725], which recommends its use for "explicit typing" -- [...]

I would recommend expanding the reference to note that this is in
section 3.11 of RFC 8725.  Similar considerations apply to section 3.

2.  COSE "typ" (type) header parameter

   The typ (type) header parameter is used by COSE applications to
   declare the type of this complete COSE object.

The situation would be clearer for me if this was extended with "(As
compared to the content type header, which declares the type of the
COSE payload.)".

[END]