[{"author": "Michael Prorock", "text": "top right there is a little icon for \"presentation\" view<br/>", "time": "2022-03-21T12:03:09Z"}, {"author": "Jeffrey Haas", "text": "jabber and meetecho chat are equivalent.<br/>", "time": "2022-03-21T12:06:15Z"}, {"author": "Bob Moskowitz", "text": "Set up the registry with IANA.<br/>", "time": "2022-03-21T12:18:37Z"}, {"author": "Bob Moskowitz", "text": "Once and done.<br/>", "time": "2022-03-21T12:18:45Z"}, {"author": "Mike Jones", "text": "Ivo, when Hannes finishes, can you please project the draft-looker-cose-bls-key-representations slides for us?&nbsp;&nbsp;Thanks.<br/>", "time": "2022-03-21T12:22:09Z"}, {"author": "Mike Jones", "text": "And then after that, the draft-looker-cose-cwt-claims-in-headers slides?<br/>", "time": "2022-03-21T12:22:36Z"}, {"author": "Ivaylo Petrov", "text": "yes, of course! :)<br/>", "time": "2022-03-21T12:23:26Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "(And if your square-root function is buggy, like openssl's, you can<br/>get nasty security vulnerabilities, if you try to decompress the<br/>points in the process of deserializing things)<br/>", "time": "2022-03-21T12:24:21Z"}, {"author": "Bob Moskowitz", "text": "Buggy square-root?&nbsp;&nbsp;that is SCARY!<br/>", "time": "2022-03-21T12:25:07Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "One of the parameters passed to the function is the prime modulus of<br/>the field you're operating in.&nbsp;&nbsp;Primality checking is expensive, so<br/>that part of the input is not validated, and if you pass in a<br/>non-prime, the algorithm can hit an infinite loop.&nbsp;&nbsp;(The worst part of<br/>the openssl bug is arguably that the \"prime\" to use was taken as<br/>unvalidated input from the network and passed in directly.)<br/>", "time": "2022-03-21T12:26:31Z"}, {"author": "John Preu\u00df Mattsson", "text": "I think \"compression\" should be optional not mandatory. I think it makes more sense to specify optional \"Compact representation\" rather then \"point compression\". I see no benefits of point compression over compact representation.<br/>", "time": "2022-03-21T12:26:47Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "John: I would ask if you want that taken to the mic, but we've already<br/>been told to take it to the list, so do that instead :)<br/>", "time": "2022-03-21T12:27:28Z"}, {"author": "Bob Moskowitz", "text": "Even the Olivetti Programma 101 that I used in '69 had a reliable square-root function.&nbsp;&nbsp;I needed it for my ln() function estimation!<br/>", "time": "2022-03-21T12:27:29Z"}, {"author": "John Preu\u00df Mattsson", "text": "Registering \"compact representation\" was that was discussed in CFRG and agreed that it might be done later.<br/>", "time": "2022-03-21T12:27:50Z"}, {"author": "Bob Moskowitz", "text": "So not really square-root.&nbsp;&nbsp;But a broader problem, blaming square-root.&nbsp;&nbsp;OK.<br/>", "time": "2022-03-21T12:29:06Z"}, {"author": "Henk Birkholz", "text": "Well... the eu uses cwt in base64 for covpass :sweat_smile:<br/>", "time": "2022-03-21T12:32:58Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Why do they need base64?<br/>", "time": "2022-03-21T12:33:35Z"}, {"author": "Brendan Moran", "text": "RFC8778?<br/>", "time": "2022-03-21T12:35:57Z"}, {"author": "kivinen", "text": "d<br/>", "time": "2022-03-21T12:36:18Z"}, {"author": "Brendan Moran", "text": ":arrow_up:for HSS-LMS<br/>", "time": "2022-03-21T12:36:36Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Brendan: one of us should probably jump up in the queue to mention<br/>that when it's time for questions<br/>", "time": "2022-03-21T12:36:47Z"}, {"author": "Jonathan Hammell", "text": "If not NIST selected, the algorithms would be CFRG approved to be compliant with the COSE charter.<br/>", "time": "2022-03-21T12:36:55Z"}, {"author": "Mike Jones", "text": "Jonathan, can I call you to speak to the charter issues?<br/>", "time": "2022-03-21T12:39:04Z"}, {"author": "Brendan Moran", "text": "@ben, yup, happy to. Did XMSS get a point in COSE?<br/>", "time": "2022-03-21T12:39:09Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "@brendan I don't see an XMSS code point (yet)<br/>", "time": "2022-03-21T12:39:36Z"}, {"author": "Michael Prorock", "text": "+1 very helpful<br/>", "time": "2022-03-21T12:40:02Z"}, {"author": "Michael Prorock", "text": "yes - those two are NIST approved already<br/>", "time": "2022-03-21T12:41:29Z"}, {"author": "Quynh Dang", "text": "SP 800-208<br/>", "time": "2022-03-21T12:41:53Z"}, {"author": "Michael Prorock", "text": "<a href=\"https://csrc.nist.gov/Projects/stateful-hash-based-signatures\" rel=\"nofollow\">https://csrc.nist.gov/Projects/stateful-hash-based-signatures</a><br/>", "time": "2022-03-21T12:41:56Z"}, {"author": "Andrew Fregly", "text": "HSS/LMS, XMSS, XMSS^MT are all specified in NIST SP 800-208<br/>", "time": "2022-03-21T12:42:41Z"}, {"author": "Michael Prorock", "text": "<a href=\"https://www.ietf.org/id/draft-uni-qsckeys-00.html\" rel=\"nofollow\">https://www.ietf.org/id/draft-uni-qsckeys-00.html</a><br/>", "time": "2022-03-21T12:44:49Z"}, {"author": "Emmanuel Baccelli", "text": "We have this experimental evaluation of post-quantum signatures for constrained devices in the context of COSE/SUIT software udpates on RIOT devices <a href=\"https://eprint.iacr.org/2021/781.pdf\" rel=\"nofollow\">https://eprint.iacr.org/2021/781.pdf</a> (to appear at ACNS 22)<br/>", "time": "2022-03-21T12:45:47Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Lots of good links coming by in this chat -- thank you all!<br/>", "time": "2022-03-21T12:46:24Z"}, {"author": "Michael Prorock", "text": "That is excellent helpful feedback Mike - thank you!&nbsp;&nbsp;Yes we want to make very clear that we are just defining how to use externally defined algorithms<br/>", "time": "2022-03-21T12:47:01Z"}, {"author": "Michael Prorock", "text": "Lot's of great contributions in from team on that as well<br/>", "time": "2022-03-21T12:47:19Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Is G\u00f6ran's audio a little choppy for everyone or just me?<br/>", "time": "2022-03-21T12:48:43Z"}, {"author": "Jonathan Hammell", "text": "I also have choppy audio<br/>", "time": "2022-03-21T12:49:20Z"}, {"author": "Jonathan Hammell", "text": "I can still understand, though<br/>", "time": "2022-03-21T12:49:31Z"}, {"author": "Chris Lemmons", "text": "Yeah, it's choppy for me, but I can get the message.<br/>", "time": "2022-03-21T12:49:35Z"}, {"author": "Jonathan Hammell", "text": "Ben: just to clarify, you meant define new elliptic curve identifiers, not new elliptic curves for compressed points, right?<br/>", "time": "2022-03-21T12:57:57Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Yes, new identifiers in the IANA registry<br/>", "time": "2022-03-21T12:58:14Z"}, {"author": "Russ Housley", "text": "Many thanks to Ben for many years of service!<br/>", "time": "2022-03-21T12:58:26Z"}, {"author": "Michael Prorock", "text": "thanks all!<br/>", "time": "2022-03-21T12:58:29Z"}, {"author": "Ines Robles", "text": "Thank you Ben for the excellent reviews<br/>", "time": "2022-03-21T12:58:38Z"}, {"author": "Jonathan Hammell", "text": "Thanks.<br/>", "time": "2022-03-21T12:58:40Z"}, {"author": "kaduk@jabber.org/barnowl", "text": "Thanks all, it's been a really great experience for me as AD<br/>", "time": "2022-03-21T12:58:58Z"}, {"author": "Ivaylo Petrov", "text": "Thank you Ben for all the help! :)<br/>", "time": "2022-03-21T12:59:11Z"}]