Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

CBOR Object Signing and Encryption (cose)

WG	Name	CBOR Object Signing and Encryption
	Acronym	cose
	Area	Security Area (sec)
	State	Active
	Charter	charter-ietf-cose-05 Approved
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	Issue tracker, Wiki, Zulip Stream
Personnel	Chairs	Ivaylo Petrov, Michael B. Jones
	Area Director	Paul Wouters
Mailing list	Address	cose@ietf.org
	To subscribe	https://www.ietf.org/mailman/listinfo/cose
	Archive	https://mailarchive.ietf.org/arch/browse/cose/
Chat	Room address	https://zulip.ietf.org/#narrow/stream/cose

Charter for Working Group

CBOR Object Signing and Encryption (COSE, RFC 9052) describes how to
create and process signatures, message authentication codes, and
encryption using Concise Binary Object Representation (CBOR, RFC 8949)
for serialization. COSE additionally describes a representation for
cryptographic keys.

The COSE working group handles four types of (intended status Standard Track) documents:

Documents that describe the use of cryptographic algorithms in COSE.
Documents that describe additional attributes for COSE.
Documents that define header parameters to be used in COSE objects.
Documents that define COSE key representations.

The WG will evaluate, and potentially adopt, documents dealing with algorithms
that would fit the criteria of being IETF consensus algorithms.

Key management and binding of keys to identities are out of scope for
the working group. The COSE WG will not innovate in terms of
cryptography. The specification of algorithms in COSE is limited to
those in RFCs, active IRTF CFRG or IETF WG documents, or algorithms which
have been positively reviewed by the IRTF CFRG.

The COSE WG will also work on a CBOR encoding of the certificate profile
defined in RFC 5280. It is expected that the encoding works with RFC 7925.
The main objective is to define a method of encoding current X.509
certificates that meet a specific profile into a smaller format. This
encoding shall be invertible, so they can be expanded and normal X.509 certificate
processing can be used. This work is currently happening in draft-ietf-cose-cbor-encoded-cert.

Milestones

Date	Milestone	Associated documents
Jan 2026	One or more documents describing the proper use of algorithms.	draft-ietf-cose-sphincs-plus draft-ietf-cose-hpke draft-ietf-cose-dilithium draft-ietf-cose-falcon
Nov 2025	A CBOR encoding of the certificate profile to the IESG	draft-ietf-cose-cbor-encoded-cert
Jul 2025	COSE header parameters for COSE objects that carry a payload that is an output of a hash function on an original payload to IESG	draft-ietf-cose-hash-envelope
Jun 2025	COSE header parameters for incorporating “COSE Receipts” into COSE objects to IESG	draft-ietf-cose-merkle-tree-proofs
Jun 2025	COSE header parameters for RFC 3161-based timestamping into COSE objects to IESG	draft-ietf-cose-tsa-tst-header-parameter