CBOR Object Signing and Encryption (COSE): Structures and Process

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Matthew Miller <linuxwolf+ietf@outer-planes.net>, The IESG <iesg@ietf.org>, barryleiba@gmail.com, cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-rfc8152bis-struct@ietf.org, linuxwolf+ietf@outer-planes.net, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'CBOR Object Signing and Encryption (COSE): Structures and Process' to Internet Standard (draft-ietf-cose-rfc8152bis-struct-15.txt)

The IESG has approved the following document:
- 'CBOR Object Signing and Encryption (COSE): Structures and Process'
  (draft-ietf-cose-rfc8152bis-struct-15.txt) as Internet Standard

This document is the product of the CBOR Object Signing and Encryption
Working Group.

The IESG contact persons are Barry Leiba, Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:

Technical Summary

The document draft-ietf-rfc8152bis-struct is an update to CBOR Object
Signing and Encryption (COSE) to address outstanding errata, make other
clarifications and fixes, and move it to Internet Standard.  This is part
of a set — this for the structure and process, the other detailing the
algorithms — that together obsolete RFC 8152.

Working Group Summary

This document received wide review from various implementers, including
those used in real-world deployments.  There were a number of editorial
comments and some substantive commentary, with consensus to publish.

One item to note is the decision to keep the context string
"COSE_Countersign1" for abbreviated countersignatures (used as part of
the input when generating the countersignature).  Technically this
structure should be "0" as all information about the input is implied (no
signatory is explicitly declared), however this is a breaking change that
the working group could not find consensus to risk in order to maintain
full consistency.

Document Quality

Additional care during editing and review of this document and
draft-ietf-cose-rfc8152bis-algs was taken to ensure as best as possible
that various (internal) references made in the original RFC 8152 have
proper (external) references.  All errata from RFC 8152 that is relevant
to the COSE structure has been addressed therein.

The CryptoForum Research Group (CFRG) published algorithm documents as
Informational; the normative reference to 8032 (EdDSA) is expected and
exists in the Downref Registry.  The informative references to RFC 2633
(obsoleted by 3855) and RFC 5750 (obsoleted by 8551) are intentional as
they illustrate some of the original design considerations for RFC 8152.

This document and draft-ietf-cose-rfc8152bis-algs are to be published in
lockstep, and so references here to -algs (and references to this
document in -algs) are expected to be updated as part of publication.


This work is a product of the COSE Working Group.  The document shepherd
is Matthew Miller, and the responsible Area Director is Barry Leiba.