Skip to main content

Minutes IETF105: cose
minutes-105-cose-01

Meeting Minutes CBOR Object Signing and Encryption (cose) WG
Title Minutes IETF105: cose
State Active
Other versions markdown
Last updated 2019-08-09

minutes-105-cose-01

IETF 105 Agenda (Montreal) 2019-07-26 @ 12:20 EDT Van Horne Room

Chairs: * Ivaylo Petrov * Matthew A. Miller

Jabber Relay: Francesca Palombini Minutes: Michael Richardson

COSE Working Group

Administrivia (Chairs - 5 minutes; 12:12 - 12:25)

  • Notewell is given
  • Agenda is accepted

rfc8152bis Drafts (Jim Schaad - 10 minutes; 12:25 - 12:35)

  • draft-ietf-cose-rfc8152-struct https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-struct/

  • Almost everyone does signing, and almost nobody does encryption.

  • Signature are important, Michael Richardson(Mcr): Are both Sign1 and Sign implemented or mostly sign1 Jim: Both signatures are implemented Mcr: Should protocols be specific - we expect Sign1 and only Sign1 or accept both. There is some extra code in accepting both, but if everyone is implementing this, then protocols can be more liberal. Hannes: Because no one knows which one they need

Hannes: Which implementation have post? Jim: I have no post any, any has been adopted Ivo: Do you want to use the wiki? Jim: Both project and IETF wiki are ok, I was planning to use the project one. Jim: Everyone can verify encryption and signatures from my implementations as they are using the examples from the repository. I need to verify the opposite direction.

  • Ready for WGLC?

Matt: this document has a good structure and is fine for me

  • draft-ietf-cose-rfc8152-algs https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/

Jim: One interesting question to consider is: do you want it for standard track or informational? Justin Richer: As you can not use COSE with the scenarios, perhaps it does not matter if it is one or the other, do not split the documents Matt: any particular concern about informational or standard track? Ben: harder to go standard once it's informational. gut feeling - keep standard track Mcr: don't see why you wouldn't (standard track) IPsecME has https://datatracker.ietf.org/doc/rfc8247/ as standards track.

  • ACTION: I think that the consensus was for Standards Track.

Send WGLC for both rfc8152bis-struct and rfc8152bis-algs

Hash Algs (Jim Schaad - 5 minutes; 12:35 - 12:40)

  • draft-ietf-cose-hash-algs

X509 (Jim Schaad - 15 minutes; 12:40 - 12:55)

  • draft-ietf-cose-x509

  • Push example to the repository

  • Nothing has been raised as missing

Carsten: What is the CBOR content type? Jim: that should be CoAP content-format

Carsten: We should make it a habit of registering a content type for such things when we stumble upon them.

ACTION?: Jim to add content type registration. ACTION?: Jim to see about early registration of the code points

Jim: for the 4 documents could you make a 4 weeks long WGLC Chairs: ok

ACTION: Chairs to send WGLC for both draft-ietf-cose-hash-algs and draft-ietf-cose-x509 after the LCs for the bis documents.

WebAuthn (Mike Jones - 10 minutes; 12:55 - 13:05)

  • draft-ietf-cose-webauthn-algorithms

  • Register algorithms for the registration

  • Since prague, adoption ad draft WG
  • Change curve identifier "P-256K" -> "secp256k1"

  • Time for WGLC?

ACTION: Chairs to send WGLC after the bis documents LCs.

Open Mic (remaining)