Minutes interim-2022-cose-01: Wed 16:00
minutes-interim-2022-cose-01-202201261600-00

COSE Virtual Interim
====================

## Connection details

* Date: January 26, 2022
* Time: 08:00-09:00 Pacific, 17:00 CEST:
  https://www.worldtimebuddy.com/?qm=1&lid=8,12,100&h=8&date=2022-01-26&sln=8-9&hf=0
* Meeting recording:
  https://youtu.be/82Yso4ls54k
* Slides link:
  https://datatracker.ietf.org/meeting/interim-2022-cose-01/session/cose

# Attendees

* Ivaylo Petrov, Google
* Mike Jones, Microsoft
* Christian Amsüss
* Göran Selander, Ericsson
* Carsten Bormann, TZI
* Rikard Höglund, RISE
* Marco Tiloca, RISE
* Russ Housley, Vigil Security
* Hannes Tschofenig, Arm
* Jonathan Hammell, Canadian Centre for Cyber Security
* Michael Richardson

# Action Items

- Chairs and AD will perform a consistency check between
draft-ietf-cose-rfc8152bis-algs and draft-ietf-cose-rfc8152bis-struct, both in
AUTH48 - Ivalyo will post an update to the x509 draft - Hannes will post a
request on CFRG mailing list to add in their IANA HPKE registry a request to
inform COSE experts when updates are made - Hannes will post
draft-ietf-cose-hpke-01 before IETF 113

# Minutes

## Administrivia (Chairs) - 5 min

Minute takers: Hannes Tschofenig and Jonathan Hammell

## Document Status (Chairs) - 10 min
Ivaylo presented the document status based on the chair slides.

## x509 (Chairs) - 10 min
https://github.com/cose-wg/X509/issues

Russ: Are these issues from WGLC?
Ivalyo: Some are from earlier, but yes these are being handled as WGLC issues.

issue #31: https://github.com/cose-wg/X509/issues/31
Unfortunately none of the persons raising & discussing the issue where in the
meeting.

No comment from meeting participants on issue #31.

Göran: Should a new version of the draft be published once the issues are
resolved and closed. Ivalyo: Yes, publishing a new version is a good idea once
we reach consensus. Göran: The draft says it is expired. So it would be great
if we can have an updated version.

Ivalyo will update the draft.

## draft-ietf-cbor-encoded-cert - 5 min

Göran: a couple of todos.
Some revocation information, such as OCSP, will be included but not everything.
Will be in the next draft version.

* Example of using devid cert

Requests for other implementations. There is one implementation converting
X.509 certs to the compressed version by John (in Rust). There are requests for
C-based implementations. The co-authors from the RISE group will implement the
C-based library.

Looking for a full review of the draft from the working group.

## HPKE for COSE - Hannes - 20 min

https://github.com/cose-wg/HPKE

Hybrid public key encryption specification developed within the CFRG.

Call for adoption on including HPKE in COSE held before Christmas, but it has
finished after delays over the holidays. Accepted as a work item and submitted
as draft-ietf-cose-hpke-00.

Question as to whether to re-use the IANA HPKE registry or to create a new
registry for COSE. Proposal to create a mapping such that when a new algorithm
is added to the IANA HPKE registry, it will become available for COSE HPKE use
as automatically. Göran, John and Ilari had requested this and Russ had
expressed that he was in favour. No objections raised by meeting participants.

Carsten pointed out that an automatic process for this mapping is not available
in IANA at this time, so it may require some administrative work to
synchronize. Mike suggested putting instructions for experts to do this. Russ
pointed out that COSE is not in charge of the main HPKE registry, so it is not
as clean.

Jonathan asked if there is an issue to selecting values for algorithms since
COSE reserves low values for high-use parameters. Hannes said this can be
handled for the initial case, but there will need to be rules going forward.
Carsten said it should be the job for the COSE expert to select the values in
the registry, and we should request adding instructions to the CFRG registry to
inform the COSE experts when new algorithms are added. Hannes will post a
request for such instructions to the CFRG mailing list.

Currently there is a three layer structure. Ilari had proposed collapsing to a
two layer structure to have smaller size and match the AES-KW structure.
Disadvantage in that it does not match other semi-static techniques in COSE.
Russ said he likes it because it aligns well for COSE use case in SUIT. Carsten
encouraged pursuing this, but needs to look at it further. Later, Göran
expressed support for the two layer structure, but headers may need to be
protected whereas it is not required in the AES-KW structure. Russ said we need
to think through the structure for multiple recipients. Hannes said that the
first layer would be unchanged for multiple recipients, but the second layer
would need to be repeated. Russ clarified that the wrapped content encryption
key will be different for each recipient. Hannes will move the -01 revision of
the draft to use the two-layer structure.

Ilari had suggested to define a new KTY structure for use in HPKE since it
would work with new post-quantum algorithms. One suggestion was to use elliptic
curve compressed points. Carsten that compressed points were not used earlier
due to patents, but these patents may now have expired. Russ informed the group
that Wikipedia says the patent was enforceable until end of 2020. Second
suggestion is to allow the COSE_Key structure to carry private keys. This could
be useful for configuration and keys in DNS. It is also in-line with Encrypted
Client Hello approach in TLS WG. New key type structure could just be a new
value in an existing COSE registry.

Revision of draft (-01) planned to be submitted in time for IETF 113. Will
require update to the corresponding SUIT firmware encryption draft.

Reference implementation is being worked on in order to generate examples. This
reference implementation may be worked on at the IETF 113 hackathon.

## AOB - 10 min

No other business raised.