COSE IETF 113
====================

## Connection details

* Date: March 21, 2022
* Meeting link:
  https://wws.conf.meetecho.com/conference/?group=cose
* Slides link:
  https://datatracker.ietf.org/meeting/113/session/cose


# Action Items

  * draft-ietf-cose-hpke 
      * Continue conversation on mailing list
  * draft-looker-cose-bls-key-representations
      * Continue conversation on mailing list
      * Ben Kaduk: Appears reasonable that BLS work it is in charter.
  * draft-prorock-cose-post-quantum-signatures
      * Mike Jones: COSE is chartered to register new algorithm identifiers, not new algorithms. Recommends focus on identifiers to remain within charter.
      * Jonathan Hammel: If algorithms are not standardised by NIST, needs to go through CFRG for evaluation.
      * Simplify choices/parameters to reduce implementation risks
      * Ask on group: Read draft and comment/feedback on mailing list
  *  draft-selander-cose-kid-int
      * Mike Jones: In current form it is a breaking change. RFC8152 implementation cannot support it as is.
      * Benjamin Kaduk recommend adding section on how to use it to retain interoperability 
  * Mike Jones: Thanks Benjamin Kaduk for contribution as securtity area director


# Minutes

## Opening remarks by the chairs – Mike Jones [1:00-1:05]
Pieter Kasselman - Note taker
Ben Kaduk and Ivaylo Petrov - monitor jabber


## Status of advancing the COSE bis documents to standards – Ivaylo Petrov [1:05-1:15]
Add link to slides: https://datatracker.ietf.org/doc/slides-113-cose-cose-113-draft-status/
Discussion points: Comments to be followed up on mailing list

## draft-ietf-cose-hpke – Hannes Tschofenig [1:15-1:25]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-ietf-cose-hpke-00
Defined a new structure
HPKE Algorithm Registry in COSE
- 3 possible approaches (first one no longer possible)
- Ben Kaduk - suggests that Hannes should follow-up with IANA (use office hours, or registration policy for COSE registered experts)
- Ben Kaduk recommends option 2
Compressed Points
- Russ Housley - pointed out that desirable in small devices as it causes larger code footprint.
- Milois - There are options that does not require square root implementations. See RFC 6090
Info Structure
- Follow-up on removing option on mailing list.


## draft-looker-cose-bls-key-representations – Mike Jones [1:25-1:32]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-bls-key-representations-00
Supports zero-kowledge and aggregate signature schemes
Russ Housley: Not opposed, just wan to make charter is aligned. 
Chairs will take this up with area diectoror
Request for following up on mailing list

## draft-looker-cose-cwt-claims-in-headers – Mike Jones [1:32-1:40]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-cwt-claims-in-headers-00
Request for following up on mailing list

## draft-prorock-cose-post-quantum-signatures – Mike Prorock [1:40-1:50]
Link to slides: https://datatracker.ietf.org/doc/slides-113-cose-draft-prorock-cose-post-quantum-signatures/
Focused on hash based and lattice based scheems
NIST Process is still ongoing (round 3)
Ask on group: Read draft and comment/feedback
Brendan Moran: Already a place COSE for one of the algorithms. See RFC8778 (HSS-LMS already has a code point)
Jonathan Hammel: If algorithms are not standardised by NIST, needs to go through CFRG for evaluation.
Andrew Freglt: Are all the algorithms NIST approved post quantum (There was a mention here that HSS-LMS and XMSS are already NIST approved via Special Pub 800-208 even though they weren't in the "competition".)
Benjamin Kaduk: Support reducing fuctionality, it simplifies choices
Emmanuell Baccelli: Suggests consideration for constrained devices. We have this experimental evaluation of post-quantum signatures for constrained devices in the context of COSE/SUIT software udpates on RIOT devices https://eprint.iacr.org/2021/781.pdf (to appear at ACNS 22)
Mike Prorock - there are related specs (https://csrc.nist.gov/Projects/stateful-hash-based-signatures)
Mike Jones - COSE is chartered to register new algorithm identifiers, not new algorithms. Recommends focus on identifiers to remain within charter.


## draft-selander-cose-kid-int – Göran Selander [1:50-2:00]
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-extending-kid-to-int-01
Benjamin Kaduk: Agrees that using kid as basis is good, but needs section on how to use it to retain interoperability. Goran: Not currently in the draft. Ben: recommends to include text in future updates
Mike Jones: In current form it is a breaking change. No RFC8152 can support it as is.

## Open Microphone
Relationship of point format to the curve: how to signal new formats on same curves can create interop problems. May need to define new curves to disambiguiate between implementations. 
John Preuß Mattsson: I think "compression" should be optional not mandatory. I think it makes more sense to specify optional "Compact representation" rather then "point compression". I see no benefits of point compression over compact representation.
Benjamin Kaduk: Appears reasonable that BLS work it is in charter.
Mike Jones: Thanks Benjamin Kaduk for contribution as securtity area director