Minutes for COSE at IETF-95
minutes-95-cose-1

COSE Meeting Minutes

1. Ephemeral Diffie-Hellman Over COSE
Jim Schad: I think this is out of scope. ACE might be a better forum.

2. CBOR Encoded Message Syntax
*ISSUE: Key parameter for IV? Mixed views raised on if a key parameter for
IV is needed. Consensus in the room: Worth keeping it in; need to make the
specification clear.

*ISSUE: COSE Padding for Encryption?
No one raised a concern that this should be addressed at this point in
time.

*ISSUE: Publicly Visible Specifications Required? Mixed historic views for
and against "specification required". This issue applies to all
registries.
Chair: The registry can be split to allow for some public and some
private.
Consensus: Specification required with expert review for non-private parts.

*ISSUE: Remove "operation time"?
Mixed views. Room essentially split on keep or drop.
Consensus: drop.

*ISSUE: Add ECDH and EdDSA for Curve25519?
Consensus: Keep these in the draft. Coordinate with JOSE on identifiers.

*ISSUE: Make "alg" field optional?
May want crypto agility only at setup time. Making this optional can
reduce message sizes.
Consensus: Make it optional

*ISSUE: Define 'bstr' Counter Signature?
Consensus in the room: Keep it.

*Review of Github issues:
Chairs need to assign an editor to address issue #21
#15 - Jim recommends making the change.
#5 -
Updated messages draft provided by Jim by 4/20.
Should do a WGLC. Check with Sean

* Why is PKCS#11 v1.1 and RSA 1.5 in the document? Do we need it?
Not much support for PSS in things like Java. Be sure to capture why RSA
1.5 is needed to address Java, etc.

3. COSE Additional Algorithms

Jim presented to the WG for consideration to handle additional algorithms
outside the scope of the core document.