Re: [COSE] WG Action: Rechartered CBOR Object Signing and Encryption (cose)
Jim Schaad <ietf@augustcellars.com> Fri, 04 January 2019 00:26 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCADD131383 for <cose@ietfa.amsl.com>; Thu, 3 Jan 2019 16:26:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gUVPp4-43J8 for <cose@ietfa.amsl.com>; Thu, 3 Jan 2019 16:26:06 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1B5D131382 for <cose@ietf.org>; Thu, 3 Jan 2019 16:26:05 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 3 Jan 2019 16:26:00 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: cose@ietf.org
CC: 'Eric Rescorla' <ekr@rtfm.com>, 'Benjamin Kaduk' <kaduk@mit.edu>
References: <154655751212.29582.738642138052838844.idtracker@ietfa.amsl.com>
In-Reply-To: <154655751212.29582.738642138052838844.idtracker@ietfa.amsl.com>
Date: Thu, 03 Jan 2019 16:25:57 -0800
Message-ID: <032f01d4a3c4$11df9590$359ec0b0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKNH7I1v4bjHQmT7+3jqpyoohoPNaQtSIIQ
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/4RTL-KRDKXL4izF1eYW8FdDD0Yg>
Subject: Re: [COSE] WG Action: Rechartered CBOR Object Signing and Encryption (cose)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 00:26:09 -0000
YEAAAAAH And many thanks to EKR. Jim > -----Original Message----- > From: COSE <cose-bounces@ietf.org> On Behalf Of The IESG > Sent: Thursday, January 3, 2019 3:19 PM > To: IETF-Announce <ietf-announce@ietf.org> > Cc: cose-chairs@ietf.org; The IESG <iesg@ietf.org>; cose@ietf.org > Subject: [COSE] WG Action: Rechartered CBOR Object Signing and Encryption > (cose) > > The CBOR Object Signing and Encryption (cose) WG in the Security Area of the > IETF has been rechartered. For additional information, please contact the Area > Directors or the WG Chairs. > > CBOR Object Signing and Encryption (cose) > ----------------------------------------------------------------------- > Current status: Proposed WG > > Chairs: > Matthew Miller <linuxwolf+ietf@outer-planes.net> > Ivaylo Petrov <ivaylo@ackl.io> > > Assigned Area Director: > Eric Rescorla <ekr@rtfm.com> > > Security Area Directors: > Eric Rescorla <ekr@rtfm.com> > Benjamin Kaduk <kaduk@mit.edu> > > Mailing list: > Address: cose@ietf.org > To subscribe: https://www.ietf.org/mailman/listinfo/cose > Archive: https://mailarchive.ietf.org/arch/browse/cose/ > > Group page: https://datatracker.ietf.org/group/cose/ > > Charter: https://datatracker.ietf.org/doc/charter-ietf-cose/ > > CBOR Object Signing and Encryption (COSE, RFC 8152) describes how to create > and process signatures, message authentication codes, and encryption using > Concise Binary Object Representation (CBOR, RFC 7049) for serialization. > COSE additionally describes a representation for cryptographic keys. > > COSE has been picked up and is being used both by a number of groups within > the IETF (i.e. ACE, CORE, ANIMA, 6TiSCH and SUIT) as well as outside of the > IETF (i.e. W3C and FIDO). There are a number of implementations, both open > source and private, now in existence. The specification is now sufficiently > mature that it makes sense to try and advance it to STD status. > > The standards progression work will focus on: > 1. Should the document be split in two? The first document would > contain the definitions of the structures and rules for processing > them. The second document would contain the set of original > algorithms that were defined. > 2. What areas in the document need clarification before the document > can be progressed? > 3. What implementations exist and do they cover all of the major > sections of the document? > 4. Resolution of any Errata or ambiguities in the document > > There are a small number of COSE related documents that will also be > addressed by the working group dealing with additional attributes and > algorithms that need to be reviewed and published. The first set are listed > below in the deliverables. A re-charter will be required to expand this list. > > The SUIT working group has identified a need for the use of hash-based > signatures in the form of Leighton-Micali Signatures (LMS) (draft-mcgrew- > hash-sigs). This signature form is resistant to quantum computer attacks and is > low-cost for validation. The SUIT working group additionally has identified a > need for registering hash functions for indirect packaging. > > The W3C Web Authentication working group has identified a need for the > ability to use algorithms which are currently part of TPMs which are widely > deployed. > > At the time COSE was developed, there was a sense that X.509 certificates > were not a feature that needed to be transferred from the JOSE key document > (RFC 7517). Since that time a better sense of how > X.509 certificates would be used both in the IoT sphere and with COSE outside > of the IoT sphere has been developed. The ability to identify or carry X.509 > certificates now needs to be provided. This will require the definition of a > small number of hash functions for compact references to X.509 certificates. > > Key management and binding of keys to identities are out of scope for the > working group. The COSE WG will not innovate in terms of cryptography. The > specification of algorithms in COSE is limited to those in RFCs, active CFRG or > IETF WG documents, or algorithms which have been positively reviewed by the > CFRG. > > The working group will coordinate its progress with the ACE, SUIT and CORE > working groups to ensure that we are fulfilling the needs of these > constituencies to the extent relevant to their work. Other groups may be added > to this list as the set of use cases is expanded, in consultation with the > responsible Area Director. > > The WG will have five deliverables: > > 1. Republishing a version of RFC 8152 suitable for advancement to Internet > Standard. > 2. Use of Hash-based Signature algorithms in COSE using > draft-housley-suit-cose-hash-sig as a starting point (Informational). > 3. Placement of X.509 certificates in COSE messages and keys using > draft-schaad-cose-x509 as a starting point (Informational). > 4. Define the algorithms needed for W3C Web Authentication for COSE using > draft-jones-webauthn-cose-algorithms and draft-jones-webauthn-secp256k1 > as a starting point (Informational). > 5. Define a small number of hash functions for X.509 certificate thumbprints > and for indirect signing (for SUIT) (Informational). > > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose