Minutes IETF113: cose
minutes-113-cose-00
| Meeting Minutes | CBOR Object Signing and Encryption (cose) WG | |
|---|---|---|
| Date and time | 2022-03-21 12:00 | |
| Title | Minutes IETF113: cose | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2022-03-22 |
COSE IETF 113
Connection details
- Date: March 21, 2022
- Meeting link:
https://wws.conf.meetecho.com/conference/?group=cose - Slides link:
https://datatracker.ietf.org/meeting/113/session/cose
Action Items
- draft-ietf-cose-hpke
- Continue conversation on mailing list
- draft-looker-cose-bls-key-representations
- Continue conversation on mailing list
- Ben Kaduk: Appears reasonable that BLS work it is in charter.
- draft-prorock-cose-post-quantum-signatures
- Mike Jones: COSE is chartered to register new algorithm identifiers, not new algorithms. Recommends focus on identifiers to remain within charter.
- Jonathan Hammel: If algorithms are not standardised by NIST, needs to go through CFRG for evaluation.
- Simplify choices/parameters to reduce implementation risks
- Ask on group: Read draft and comment/feedback on mailing list
- draft-selander-cose-kid-int
- Mike Jones: In current form it is a breaking change. RFC8152 implementation cannot support it as is.
- Benjamin Kaduk recommend adding section on how to use it to retain interoperability
- Mike Jones: Thanks Benjamin Kaduk for contribution as securtity area director
Minutes
Opening remarks by the chairs – Mike Jones [1:00-1:05]
Pieter Kasselman - Note taker
Ben Kaduk and Ivaylo Petrov - monitor jabber
Status of advancing the COSE bis documents to standards – Ivaylo Petrov [1:05-1:15]
Add link to slides: https://datatracker.ietf.org/doc/slides-113-cose-cose-113-draft-status/
Discussion points: Comments to be followed up on mailing list
draft-ietf-cose-hpke – Hannes Tschofenig [1:15-1:25]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-ietf-cose-hpke-00
Defined a new structure
HPKE Algorithm Registry in COSE
- 3 possible approaches (first one no longer possible)
- Ben Kaduk - suggests that Hannes should follow-up with IANA (use office hours, or registration policy for COSE registered experts)
- Ben Kaduk recommends option 2
Compressed Points
- Russ Housley - pointed out that desirable in small devices as it causes larger code footprint.
- Milois - There are options that does not require square root implementations. See RFC 6090
Info Structure
- Follow-up on removing option on mailing list.
draft-looker-cose-bls-key-representations – Mike Jones [1:25-1:32]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-bls-key-representations-00
Supports zero-kowledge and aggregate signature schemes
Russ Housley: Not opposed, just wan to make charter is aligned.
Chairs will take this up with area diectoror
Request for following up on mailing list
draft-looker-cose-cwt-claims-in-headers – Mike Jones [1:32-1:40]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-cwt-claims-in-headers-00
Request for following up on mailing list
draft-prorock-cose-post-quantum-signatures – Mike Prorock [1:40-1:50]
Link to slides: https://datatracker.ietf.org/doc/slides-113-cose-draft-prorock-cose-post-quantum-signatures/
Focused on hash based and lattice based scheems
NIST Process is still ongoing (round 3)
Ask on group: Read draft and comment/feedback
Brendan Moran: Already a place COSE for one of the algorithms. See RFC8778 (HSS-LMS already has a code point)
Jonathan Hammel: If algorithms are not standardised by NIST, needs to go through CFRG for evaluation.
Andrew Freglt: Are all the algorithms NIST approved post quantum (There was a mention here that HSS-LMS and XMSS are already NIST approved via Special Pub 800-208 even though they weren't in the "competition".)
Benjamin Kaduk: Support reducing fuctionality, it simplifies choices
Emmanuell Baccelli: Suggests consideration for constrained devices. We have this experimental evaluation of post-quantum signatures for constrained devices in the context of COSE/SUIT software udpates on RIOT devices https://eprint.iacr.org/2021/781.pdf (to appear at ACNS 22)
Mike Prorock - there are related specs (https://csrc.nist.gov/Projects/stateful-hash-based-signatures)
Mike Jones - COSE is chartered to register new algorithm identifiers, not new algorithms. Recommends focus on identifiers to remain within charter.
draft-selander-cose-kid-int – Göran Selander [1:50-2:00]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-extending-kid-to-int-01
Benjamin Kaduk: Agrees that using kid as basis is good, but needs section on how to use it to retain interoperability. Goran: Not currently in the draft. Ben: recommends to include text in future updates
Mike Jones: In current form it is a breaking change. No RFC8152 can support it as is.
Open Microphone
Relationship of point format to the curve: how to signal new formats on same curves can create interop problems. May need to define new curves to disambiguiate between implementations.
John Preuß Mattsson: I think "compression" should be optional not mandatory. I think it makes more sense to specify optional "Compact representation" rather then "point compression". I see no benefits of point compression over compact representation.
Benjamin Kaduk: Appears reasonable that BLS work it is in charter.
Mike Jones: Thanks Benjamin Kaduk for contribution as securtity area director