COSE IETF 119

Connection details

Action Items

Minutes

Opening Remarks - The Chairs [15:30-15:40]

https://datatracker.ietf.org/doc/slides-119-cose-cose-chair-slides/

draft-ietf-cose-hpke - Hannes Tschofenig [15:40-15:55]

https://datatracker.ietf.org/doc/slides-119-cose-cose-hpke/

HT is presenting the slides.
Explains the improvements in therminology.
p4 - Explains context setting and why that is important to prevent
attacks. We will get a look by a real cryptographer, who worked on a
~recently announced attack.
MO: There was a recently presented attack
Tirumaleswar Reddy.K: It should not affect this draft
OS: There is time to figure this out
HT: Maybe it's for the draft that will be presented after this.

HT: Hopes to have this stable by next IETF.

draft-ietf-cose-key-thumbprint - Hannes Tschofenig [15:55-16:00]

https://datatracker.ietf.org/doc/slides-119-cose-cose-key-thumbprint/

There was been some feedback, there will be probably more feedback to
come (please get your feedback before april fool's day).

draft-tschofenig-cose-cwt-chain - Hannes Tschofenig [16:00-16:10]

https://datatracker.ietf.org/doc/slides-119-cose-cwt-chain/

Originally was in SUIT document (you think some CWT like a certificate,
but was not able to present a chain). Extracted it from the SUIT
document to allow using it outside of SUIT.

They didn't need the whole x509 terminology for what they needed.
Explains relation to RFC 9360.

CB: I see a pattern - can we find a more generic solution.
?: I would expect only one of the options (1-2 header parameter) to be
used at a time.
OS: There would be security implications if multiple header parameters
are present at the same time.
MJ: Anyone for and against doing a call for adoption on the list? (a few
people nod in support, no one reacts to speak against)

draft-demarco-cose-header-federation-trust-chain - John Bradley [16:10-16:15]

https://datatracker.ietf.org/doc/slides-119-cose-cose-header-parameter-for-carrying-openid-federation-10-trust-chains/

Talks about the federation meta-data trust chain.

Mike+Hannes pointing out that there is a possiblity to collaborate on a
common document.

Orie suggests to talk to STIR for chaining.

Casten: Do you need to know that it is an OIDC document?

John: Yes, if you want to do something more complex.

Hannes+John: Need to find out what level of application logic is needed
in the specification for parsing the trust chain.

draft-ietf-cose-dilithium and draft-ietf-cose-sphincs-plus - Mike Prorock [16:15-16:25]

https://datatracker.ietf.org/doc/slides-119-cose-pq-signatures/

Mike talked about the draft update.

Question for the group: At what point should we register the algorithms?

MikeJ: Pre-registrations could be done (for interop-testing)

MikeO: Don't register something in IANA prior to NIST completing the
work so that you do not have non-interoperable implementations

Carsten: In COSE we have several ways to use values that do not require
a final registration (e.g. private key range)

draft-ietf-cose-merkle-tree-proofs - Orie Steele [16:25-16:35]

https://datatracker.ietf.org/doc/slides-119-cose-cose-receipts/

Generic scheme for creating receipts for logs

Mike: Who can liaison with the SCITT group?

Orie: I can.

Support from the SCITT people in the receipt field.

draft-ietf-cose-cbor-encoded-cert - John Mattsson [16:35-16:45]

https://datatracker.ietf.org/doc/slides-119-cose-c509-certificates/

Would like to get the document to WGLC before the next meeting.

John starts his presentation.

Monty will requirew the document. Steve will also take a look

MikeO: If we make a breaking verification, you better make the changes
now.

Carsten: How will those who have deployed the specification already be
dealing with the proposed change with the signature algorithm?

Mike: what is the reason for moving the field?

John: Performance improvement

Mike: Is there a pre-allocation of assigned numbers?

John: No.

Mike: If it is not final, it is not final.
It is up to you what you request.

Carsten: Change the number and mark the old number as reserved.

Goran: Could we ask this question to the group?

Poll by Mike: Should we change numbers?

Mike: Support for suggestion for Carsten.

Goran: Should we reserve the old number?

John: There is no suggestion to Carsten's suggestion.

draft-ietf-cose-bls-key-representations - Tobias Looker [16:45-16:50]

https://datatracker.ietf.org/doc/slides-119-cose-barreto-lynn-scott-elliptic-curve-key-representations-for-jose-and-cose/

Orie: Don't do the compressed curve representation of the curve. It is
similar to the ECC compression. The compressed versions are not useful.

draft-reddy-cose-jose-pqc-kem - Tiru Reddy [16:50-16:55]

https://datatracker.ietf.org/doc/slides-119-cose-pq-kems-for-cose-and-jose/

Tiru: ML-KEM does not seem to have the same security properties than the
HPKE draft.

Orie: In the COSE registry there are lots of algorithms. Does the COSE
working group wants this KEM constructions without the wrappers? Let's
not have a bunch of algorithms mostly doing the same thing.

MikeP.: A lot of feedback was alerady provided yesterday at JOSE.

AOB [16:55-17:00]

Vote on moving the alg? in c509 (outcome definite yes - 9? for, no
against).
~Should we mark as reserved the old numbers (outcome probably yes - 4-5
yes, 4-5 I don't know)