Shepherd writeup
draft-ietf-cose-rfc8152bis-struct

# Summary

The document draft-ietf-cose-rfc8152bis-struct is an update to CBOR Object
Signing and Encryption (COSE) to address outstanding errata, make other
clarifications and fixes, and move it to Internet Standard.  It is one of a
pair of documents (this one covering the structure and process, the other
detailing the algorithms) that together obsolete RFC 8152.

This work is a product of the COSE Working Group.  The document shepherd is
Matthew Miller, and the responsible Area Director is Benjamin Kaduk.

# Review and Consensus

This document received wide review from various implementers, including those
whose implementations are used in real-world deployments.  There were a number
of editorial comments and some substantive commentary, with consensus to
publish.

After a flaw was found in countersignatures during the IETF last call in June,
the working group consensus was to deprecate the countersignature in RFC 8152
and work on a replacement as a stand-alone document.  Therefore, this document
still contains an informational reference to RFC 8152 to point to the
countersignature algorithm, but the countersignature text itself was removed
from this document and replaced with a description of, and rationale for, the
deprecation.

The working group consensus was to keep the context string "COSE_Countersign1"
for abbreviated countersignatures (used as part of the input when generating
the countersignature).  Technically this structure should be "0", as all
information about the input is implied (no signatory is explicitly declared);
however, this would be a breaking change, and the working group could not find
consensus to risk it in order to maintain full consistency.

Some concerns were raised about message recovery signature algorithms, but
since none are yet defined, the section on signing was updated to discuss
concerns a future message-recovery-capable algorithm needs to address.

Additional care was taken during editing and review of this document and
draft-ietf-cose-rfc8152bis-algs to ensure, as best as possible, that various
(internal) references made in the original RFC 8152 have proper (external)
references.  All errata from RFC 8152 that are relevant to the COSE structure
have been addressed therein.

# References

The CryptoForum Research Group (CFRG) published algorithm documents as
Informational; the normative reference to 8032 (EdDSA) is expected and exists
in the Downref Registry.  The informative references to RFC 2633 (obsoleted by
3855) and RFC 5750 (obsoleted by 8551) are intentional as they illustrate some
of the original design considerations for RFC 8152.

This document and draft-ietf-cose-rfc8152bis-algs are to be published in
lockstep, and so references here to -algs (and references to this document in
-algs) are expected to be updated as part of publication.

# Intellectual Property

The author, to the best of his knowledge, is unaware of any applicable IPR. 
There are no substantive changes compared to RFC 8152, which also has no IPR
notices submitted.
