Re: [COSE] Recharter the COSE working group.

"Matthew A. Miller" <linuxwolf@outer-planes.net> Mon, 13 August 2018 20:11 UTC

To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
Cc: cose <cose@ietf.org>
References: <000001d431b6$cb559720$6200c560$@augustcellars.com> <252453AB-2C28-437E-88D3-191AD2F37A8E@vigilsec.com>
From: "Matthew A. Miller" <linuxwolf@outer-planes.net>
Message-ID: <0796519c-8232-9e02-5d2c-e4dde48bc129@outer-planes.net>
Date: Mon, 13 Aug 2018 14:11:44 -0600
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/x2jCXEC7VV7cZX0zkv2Nhshw4ks>
Subject: Re: [COSE] Recharter the COSE working group.

I also support this effort.  The COSE WG already closed, but that
shouldn't stop the proposed COSEbis WG from using this mailing list
(and/or hopefully just not adopting the -bis suffix).

I am curious what rationales there are for splitting the document.  Not
opposed, mind you; just curious.


- m&m

Matthew A. Miller
< http://goo.gl/LM55L >

On 18/08/13 13:45, Russ Housley wrote:
> I support this recharter activity.  The SUIT WG does not want to specify the use of hash-based signature algorithms with COSE because they have much greater applicability than just signing software packages.  I did write a draft <draft-housley-suit-cose-hash-sig-04> that could be used as a starting point for this portion of the work.
> 
> Russ
> 
> 
>> On Aug 11, 2018, at 5:03 PM, Jim Schaad <ietf@augustcellars.com> wrote:
>>
>> I have approached the Security ADs about progressing the COSE from Proposed
>> Standard to Full Standard.  They have indicated that they would be open to
>> this.  In addition to this, there are a couple of other documents related to
>> COSE which are looking for homes and this would provide an opportunity for
>> them to be dealt with as well.
>>
>> The charter text that I have proposed is:
>>
>> *********************************
>>
>> CBOR Object Signing and Encryption (COSE, RFC 8152) describes how to create
>> and process signatures, message authentication codes, and encryption using
>> Concise Binary Object Representation (CBOR, RFC 7049) for serialization.
>> COSE additionally describes a representation for cryptographic keys.
>>
>> COSE has been picked up and is being used both by a number of groups within
>> the IETF (i.e. ACE, CORE, ANIMA, 6TiSCH and SUIT) as well as outside of the
>> IETF (i.e. W3C and FIDO).  There are a number of implementations, both open
>> source and private, now in existence.  The specification is now
>> sufficiently mature that it makes sense to try and advance it to STD status.
>>
>> The standards progression work will focus on:
>> 1. Should the document be split in two?  One document for the structures and
>> one document for the algorithm definitions.
>> 2.  What areas in the document need clarification before the document can be
>> progressed?
>> 3.  What implementations exist and do they cover all of the major sections
>> of the document?
>>
>> There are a small number of COSE related documents that will also be
>> addressed by the working group dealing with additional attributes and
>> algorithms that need to be reviewed and published.  The first set of three
>> are listed in the deliverables.  A re-charter will be required to expand
>> this list.
>>
>> The SUIT working group has identified a need for the use of hash-based
>> signatures in the form of Leighton-Micali Signatures (LMS)
>> (draft-mcgrew-hash-sigs).  This signature form is resistant to quantum
>> computing and is low-cost for validation.
>>
>> The W3C Web Authentication working group has identified a need for the
>> ability to use algorithms which are currently part of TPMs which are widely
>> deployed.  Many of the algorithms for this work are not expected to be IETF
>> recommended algorithms.
>>
>> At the time COSE was developed, there was a sense that X.509 certificates
>> were not a feature that needed to be transferred from the JOSE key document
>> (RFC 7517).  Since that time a better sense of how certificates would be
>> used both in the IoT sphere and with COSE outside of the IoT sphere has been
>> developed.  The need to be able to identify X.509 certificates is now a
>> feature that needs to be provided.
>>
>> Key management and binding of keys to identities are out of scope for the
>> working group. 
>> The COSE WG will not innovate in terms of cryptography. 
>> The specification of algorithms in COSE is limited to those in RFCs or
>> active IETF WG documents.
>>
>> The working group will coordinate its progress with the ACE, SUIT and CORE
>> working groups to ensure that we are fulfilling the needs of these
>> constituencies to the extent relevant to their work. 
>> Other groups may be added to this list as the set of use cases is expanded.
>>
>> The WG will have four deliverables:
>>
>> 1. Republishing a version of RFC 8152 suitable for advancement to full
>> standard.
>> 2. Use of Hash-based Signature algorithms in COSE using
>> draft-housley-suit-cose-hash-sig as a starting point.
>> 3. Placement of X.509 certificates in COSE messages and keys using
>> draft-schaad-cose-x509 as a starting point.
>> 4. Define the algorithms needed for W3C Web Authentication for COSE using
>> draft-jones-webauthn-cose-algorithms and draft-jones-webauthn-secp256k1 as a
>> starting point.
>>
>> ******************************
>>
>> I don't currently have a set of milestones associated with this charter in
>> part because I have not talked to everybody about what they believe they can
>> do.
>>
>> For RFC 8152, assuming that the document is split into two pieces, I would
>> expect that we should be able to get the split documents to the IESG prior
>> to the Prague meeting.  Assuming that the IESG requires that we wait an
>> additional six months of the new document I would expect that roughly nine
>> months later an updated document could go to the IESG for full standard.
>>
>> The hash-based signature algorithm document is probably in good shape, the
>> big question would be should it be coordinated with the similar documents in
>> the LAMPS working group.  If that is not needed then this should take less
>> than a year to finish.
>>
>> The X.509 certificates draft needs to get review, but I believe that it is
>> in good shape now and probably ready to go.
>>
>> I don't know what the state is for the two Web Authentication drafts as I
>> have not read the first in a while and have never read the second. 
>>
>> Jim
>>
>>
>>
>> _______________________________________________
>> COSE mailing list
>> COSE@ietf.org
>> https://www.ietf.org/mailman/listinfo/cose