CBOR Object Signing and Encryption (COSE): Structures and Process
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Matthew Miller <email@example.com>, The IESG <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Protocol Action: 'CBOR Object Signing and Encryption (COSE): Structures and Process' to Internet Standard (draft-ietf-cose-rfc8152bis-struct-09.txt) The IESG has approved the following document: - 'CBOR Object Signing and Encryption (COSE): Structures and Process' (draft-ietf-cose-rfc8152bis-struct-09.txt) as Internet Standard This document is the product of the CBOR Object Signing and Encryption Working Group. The IESG contact persons are Barry Leiba, Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-struct/
Technical Summary The document draft-ietf-rfc8152bis-struct is an update to CBOR Object Signing and Encryption (COSE) to address outstanding errata, make other clarifications and fixes, and move it to Internet Standard. This is part of a set — this for the structure and process, the other detailing the algorithms — that together obsolete RFC 8152. Working Group Summary This document received wide review from various implementers, including those used in real-world deployments. There were a number of editorial comments and some substantive commentary, with consensus to publish. One item to note is the decision to keep the context string "COSE_Countersign1" for abbreviated countersignatures (used as part of the input when generating the countersignature). Technically this structure should be "0" as all information about the input is implied (no signatory is explicitly declared), however this is a breaking change that the working group could not find consensus to risk in order to maintain full consistency. Document Quality Additional care during editing and review of this document and draft-ietf-cose-rfc8152bis-algs was taken to ensure as best as possible that various (internal) references made in the original RFC 8152 have proper (external) references. All errata from RFC 8152 that is relevant to the COSE structure has been addressed therein. The CryptoForum Research Group (CFRG) published algorithm documents as Informational; the normative reference to 8032 (EdDSA) is expected and exists in the Downref Registry. The informative references to RFC 2633 (obsoleted by 3855) and RFC 5750 (obsoleted by 8551) are intentional as they illustrate some of the original design considerations for RFC 8152. This document and draft-ietf-cose-rfc8152bis-algs are to be published in lockstep, and so references here to -algs (and references to this document in -algs) are expected to be updated as part of publication. Personnel This work is a product of the COSE Working Group. The document shepherd is Matthew Miller, and the responsible Area Director is Barry Leiba.