Pieter Kasselman - Note taker
Ben Kaduk and Ivaylo Petrov - monitor jabber
Add link to slides: https://datatracker.ietf.org/doc/slides-113-cose-cose-113-draft-status/
Discussion points: Comments to be followed up on mailing list
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-ietf-cose-hpke-00
Defined a new structure
HPKE Algorithm Registry in COSE
- 3 possible approaches (first one no longer possible)
- Ben Kaduk - suggests that Hannes should follow-up with IANA (use office hours, or registration policy for COSE registered experts)
- Ben Kaduk recommends option 2
Compressed Points
- Russ Housley - pointed out that desirable in small devices as it causes larger code footprint.
- Milois - There are options that does not require square root implementations. See RFC 6090
Info Structure
- Follow-up on removing option on mailing list.
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-bls-key-representations-00
Supports zero-kowledge and aggregate signature schemes
Russ Housley: Not opposed, just wan to make charter is aligned.
Chairs will take this up with area diectoror
Request for following up on mailing list
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-draft-looker-cose-cwt-claims-in-headers-00
Request for following up on mailing list
Link to slides: https://datatracker.ietf.org/doc/slides-113-cose-draft-prorock-cose-post-quantum-signatures/
Focused on hash based and lattice based scheems
NIST Process is still ongoing (round 3)
Ask on group: Read draft and comment/feedback
Brendan Moran: Already a place COSE for one of the algorithms. See RFC8778 (HSS-LMS already has a code point)
Jonathan Hammel: If algorithms are not standardised by NIST, needs to go through CFRG for evaluation.
Andrew Freglt: Are all the algorithms NIST approved post quantum (There was a mention here that HSS-LMS and XMSS are already NIST approved via Special Pub 800-208 even though they weren't in the "competition".)
Benjamin Kaduk: Support reducing fuctionality, it simplifies choices
Emmanuell Baccelli: Suggests consideration for constrained devices. We have this experimental evaluation of post-quantum signatures for constrained devices in the context of COSE/SUIT software udpates on RIOT devices https://eprint.iacr.org/2021/781.pdf (to appear at ACNS 22)
Mike Prorock - there are related specs (https://csrc.nist.gov/Projects/stateful-hash-based-signatures)
Mike Jones - COSE is chartered to register new algorithm identifiers, not new algorithms. Recommends focus on identifiers to remain within charter.
Link to slides: https://datatracker.ietf.org/meeting/113/materials/slides-113-cose-extending-kid-to-int-01
Benjamin Kaduk: Agrees that using kid as basis is good, but needs section on how to use it to retain interoperability. Goran: Not currently in the draft. Ben: recommends to include text in future updates
Mike Jones: In current form it is a breaking change. No RFC8152 can support it as is.
Relationship of point format to the curve: how to signal new formats on same curves can create interop problems. May need to define new curves to disambiguiate between implementations.
John Preuß Mattsson: I think "compression" should be optional not mandatory. I think it makes more sense to specify optional "Compact representation" rather then "point compression". I see no benefits of point compression over compact representation.
Benjamin Kaduk: Appears reasonable that BLS work it is in charter.
Mike Jones: Thanks Benjamin Kaduk for contribution as securtity area director