Last Call Review of draft-ietf-cose-typ-header-parameter-03
review-ietf-cose-typ-header-parameter-03-secdir-lc-harkins-2024-03-08-00

   Howdy,

I have reviewed draft-ietf-cose-type-header-parameters as part of
the security directorate's ongoing effort to review all IETF
documents being processed by the IESG. These comments were written
primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any
other last call comments.

The summary of the review is ready (but I do have a question).

The draft defines the typ (type) header to COSE to parallel the
header parameters defined by JOSE, this will permit "explicit
typing" of JSON Web Tokens.

The draft is very simple and straightforward and there aren't
really any issues but I was unable to parse this sentence from
section 2:

     "This parameter is ignored by COSE implementations; any
     processing of this parameter is performed by the COSE
     application."

I'm not sure what the authors are trying to say here. Applications
of COSE represent an implementation of COSE, right? So it can't
be both ignored and processed. Or can it? What am I missing?

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius