COSE IETF 112
====================

## Connection details

* Date: November 10, 2021
* Meeting link: https://meetings.conf.meetecho.com/ietf112/?group=cose&short=&item=1
* Slides link: https://datatracker.ietf.org/meeting/112/session/cose

# Action Items

* See below

# Minutes

## 1. Administrivia (Chairs)

## 2. Document Status (Chairs) - 5 min

IP: Hash algs draft has some questions from the RFC editor.

IP: 8152-bis-algs in AUTH 48.

GS: https://github.com/cose-wg/cose-rfc8152bis/pull/34

MJ: We should not make this change, since this is becoming a proposed standard.

CB: We have learnt something in the process from internet standard to proposed standard.

MJ: Not worth making the change.

JPM: As much breaking change as algorithm. Has been discussed extensively in the mailing list.

MJ: Difference compared to alg, no expectation for changed basic data structure.

BK: Agree with CB that there is something learned in the process. Would require another WGLC and a LC. Also an option to have a separate proposed standard updating the Internet standard.

RM: I can remember changes made when going from proposed or Internet standard. Used versioning to indicate.

CB: Versioning is not needed, since CBOR allows type to be detected.

IP: Continue discussion later, due to time constraints.

## 3. x509 (Chairs) - 10 min

IP: Past IESG evaluation, MR has done the shepherding.

IP: All involved, please take a look that GitHub issues are resolved.

IP: The chairs and Carsten to look at media type, suggest text.

* CB: Will do.

IP: John: Please have another look at the PR.

JPM: I looked recently and looks good.

IP: Phrasing of x5bag/chain, previously argued for protection of those.

* IP will make an issue.

## 4. draft-ieft-cbor-encoded-cert (Göran Selander) - 10 min

GS: Splitting out revocation?

BK: May be concerns in IESG. Revocation may be referenced with normative dependence.

RH: Not in favor, some situation as single draft.

DKG: Concerns about OCSP, well known issues, privacy issues with X.509, alternatives for handling with C509.

CB: Having the CRL section would get the draft through IESG. OCSP could be separated.

JPM: Any opinion about Mozilla CRL light?

* IP: We will look individually for reviewers.

## 5. HPKE for COSE - Russ - 10 min

RH: Based out of SUIT work on how to encrypt firmware. Useful beyond firmware encryption. Three layers in COSE: layer 3 for encryption with shared secret, layer 2 encrypted CEK, layer 1 encrypted plain text. Some implementation experience. Also, recent discussion on the mailing list.

JPM: Should COSE work on HPKE and non-HPKE KEMs?

RH: Same question in LAMPS. What is the cleanest way for PQ-KEMs. Using KEM recipient info.

* IP: Chairs to issue call-for-adoption

## 6. Fast-verification friendly ECDSA (Rene Struik) - 10 min

RS: Introducing ECDSA*, fast batch verifications.

Did not conclude due to lack of time. Those interested should reach out to Rene.

## 7. AOB - 10 min