Shepherd writeup

1. Summary

Rich Salz is the shepherd, Kathleen Moriarty is the AD and she is planning
on AD-sponsoring this individual submission.

This document creates three new IANA registries to be used with CBOR
Object Signing and Encryption (COSE). It creates entries in those registries
for the encodings of RSASSA-PSS signatures, RSAES-OAEP encryption, and
RSA keys. It is appropriate for the standards track, as these registries
and entries will be used by W3C WebAuth and the FIDO Alliance; other IETF
efforts could also use them.

2. Review and Consensus

This is a simple and small document. It references existing and well-known
signature and encryption standards, and creates no new instances of
any cryptographic mechanism. It provides some reasonable security
considerations. An AD-sponsored draft seems the shortest path to a
standard. It is hard to imagine any kind of controversy arising from this,
other than bike-shedding about the numbers assigned.

The other groups are aware of this effort, and are looking forward to it.

Outside of any possible generic CBOR issues, the main concern with COSE
is resource consumption, which is adequately discussed in the Security
Considerations section.  Historically, canonicalization has shown itself
to be an area of poor implementation, leading to security issues.  The base
CBOR and COSE documents address this (in my opinion).

3. Intellectual Property

The author has confirmed that he does not know of any IPR considerations
in this document.

4. Other points