COSE (CBOR Object Signing and Encryption) Receipts
draft-ietf-cose-merkle-tree-proofs-18

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-merkle-tree-proofs@ietf.org, ivaylopetrov@google.com, paul.wouters@aiven.io, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'COSE (CBOR Object Signing and Encryption) Receipts' to Proposed Standard (draft-ietf-cose-merkle-tree-proofs-17.txt)

The IESG has approved the following document:
- 'COSE (CBOR Object Signing and Encryption) Receipts'
  (draft-ietf-cose-merkle-tree-proofs-17.txt) as Proposed Standard

This document is the product of the CBOR Object Signing and Encryption
Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs/

Ballot Text

Technical Summary

   COSE (CBOR Object Signing and Encryption) Receipts prove properties
   of a verifiable data structure to a verifier.  Verifiable data
   structures and associated proof types enable security properties,
   such as minimal disclosure, transparency and non-equivocation.
   Transparency helps maintain trust over time, and has been applied to
   certificates, end to end encrypted messaging systems, and supply
   chain security.  This specification enables concise transparency
   oriented systems, by building on CBOR (Concise Binary Object
   Representation) and COSE.  The extensibility of the approach is
   demonstrated by providing CBOR encodings for RFC9162.

Working Group Summary

   There was broad consensus and no controversy.
   Note that One of the authors had initially indicated that the IPR disclosed in
    https://datatracker.ietf.org/ipr/6609/ should be relevant for this draft.
    Later they updated their statement and filed https://datatracker.ietf.org/ipr/6621/
    stating that it should not apply based on further discussions with their lawyer:
    https://mailarchive.ietf.org/arch/msg/cose/uaXAo7zsnFg1XHOq1xoIKUR6ah8/.

Document Quality

   There are at least 3 known implementations. It was reported that on -05
   some of them have successfully tested interoperability.
   Stake holders from the SCITT working group have also reviewed this document.
   The CDDL has been checked.

Personnel

   The Document Shepherd for this document is Ivaylo Petrov. The
   Responsible Area Director is Paul Wouters.

RFC Editor Note