Minutes IETF112: cose

Meeting Minutes CBOR Object Signing and Encryption (cose) WG
Date and time 2021-11-10 14:30
State Active
Last updated 2021-11-23


## Connection details

* Date: November 10, 2021
* Meeting link:
* Slides link:

# Action Items

  * See below

# Minutes
## 1. Administrivia (Chairs)
## 2. Document Status (Chairs) - 5 min

IP: Hash algs draft has some questions from the RFC editor.
IP: 8152-bis-algs in AUTH 48.

MJ: We should not make this change, since this is becoming a proposed standard.
CB: We have learnt something in the process from internet standard to proposed
standard.
MJ: Not worth making the change.
JPM: As much breaking change as algorithm. Has been discussed extensively in
the mailing list.
MJ: Difference compared to alg, no expectation for changed basic data structure.
BK: Agree with CB that there is something learned in the process. Would require
another WGLC and a LC. Also an option to have a separate proposed standard
updating the Internet standard.
RM: I can remember changes made when going from proposed or Internet standard.
Used versioning to indicate.
CB: Versioning is not needed, since CBOR allows type to be detected.
IP: Continue discussion later, due to time constraints.

## 3. x509 (Chairs) - 10 min

IP: Past IESG evaluation, MR has done the shepherding.
IP: All involved, please take a look that GitHub issues are resolved.
IP: The chairs and Carsten to look at media type, suggest text.
* CB: Will do.

IP: John: Please have another look at the PR.
JPM: I looked recently and looks good.
IP: Phrasing of x5bag/chain, previously argued for protection of those.

* IP will make an issue.

## 4. draft-ietf-cbor-encoded-cert (Göran Selander) - 10 min

GS: Splitting out revocation?
BK: May be concerns in IESG. Revocation may be referenced with normative
dependence.
RH: Not in favor, some situation as single draft
DKG: Concerns about OCSP, well-known issues, privacy issues with X.509,
alternatives for handling with C509.
CB: Having the CRL section would get the draft through IESG. OCSP could be
separated.
JPM: Any opinion about Mozilla CRL light?

* IP: We will look individually for reviewers.

## 5. HPKE for COSE - Russ - 10 min

RH: Based out of SUIT work on how to encrypt firmware. Useful beyond firmware
encryption. Three layers in COSE: layer 3 for encryption with shared secret,
layer 2 encrypted CEK, layer 1 encrypted plain text. Some implementation
experience. Also, recent discussion on the mailing list.

JPM: Should COSE work on HPKE and non-HPKE KEMs?
RH: Same question in LAMPS. What is the cleanest way for PQ-KEMs. Using KEM
recipient info.

* IP: Chairs to issue call-for-adoption

## 6. Fast-verification friendly ECDSA (Rene Struik) - 10 min

RS: Introducing ECDSA*, fast batch verifications. Did not conclude due to lack
of time. Those interested should reach out to Rene.

## 7. AOB - 10 min