WG Review: CBOR Object Signing and Encryption (cose)

The IESG <iesg-secretary@ietf.org> Fri, 15 May 2015 17:25 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id D10E61A87C1; Fri, 15 May 2015 10:25:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id wTqK45HaNFRO; Fri, 15 May 2015 10:25:54 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 774A31A87AA; Fri, 15 May 2015 10:25:54 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Subject: WG Review: CBOR Object Signing and Encryption (cose)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150515172554.1006.60355.idtracker@ietfa.amsl.com>
Date: Fri, 15 May 2015 10:25:54 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/IdezH7hEnZtSXWJDYMrhG72gLkU>
Cc: cose WG <cose@ietf.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.15
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 17:25:56 -0000

A new IETF working group has been proposed in the Security Area. The IESG
has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send
your comments to the IESG mailing list (iesg at ietf.org) by 2015-05-25.

CBOR Object Signing and Encryption (cose)
Current Status: Proposed WG

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>;

Mailing list
  Address: cose@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/cose
  Archive: http://www.ietf.org/mail-archive/web/cose/


Concise Binary Object Representation (CBOR, RFC 7049) is a concise binary
format for the serialization of data structured to an extended version of
the JSON data model. COSE seeks to create CBOR-based object signing and
encryption formats. One motivation for COSE was to reuse functionality
from the JOSE working group using the CBOR data representation as it is
more amenable to constrained nodes and constrained node networks (RFC

The JOSE working group recently completed producing representations for
cryptographic keys, message authentication (MACs), encryption, and
digital signatures, using JSON representation. 

The resulting formats will not be cryptographically convertible from or
to JOSE formats. This lack of a need for bit-for-bit compatibility will
enable some simplification in the adaptation process.

Criteria that should be considered in the decision making process,
changing from JSON to CBOR encoding include:
    o Maintain the current JOSE paradigms and formatting where feasible.
    o Minimize message size, code size, and computational complexity to
suit constrained environments, where this is expected to  be used.
    o Improve security
    o Provide new functionality for additional use cases that were not
required for JOSE. 

Key management and binding of keys to identities are out of scope for the
working group.  The COSE WG will not innovate in terms of cryptography. 
The specification of algorithms in COSE is limited to those in RFCs or
active IETF WG documents.

The working group will coordinate its progress with the ACE, DICE and
CORE working groups to ensure that we are fulfilling the needs of these
constituencies to the extent relevant to their work. Other groups may be
added to this list as the set of use cases is expanded.

The WG will have two deliverables:

1. A standards-track specification covering the same cryptographic
formats from JOSE, with optimizations for constrained device processing,
expressed in CBOR;
2. Registration for algorithms (such as AES-CCM-8) that are appropriate
for constrained environments.
The Working Group will use a wiki to track desired use cases for its
work, but does not intend to publish this as an RFC.

  Jun 2015 - Submit COSE specification as a WG item
  Jun 2015 - Submit COSE constrained-appropriate algorithms as a WG item
  Jan 2016 - Submit COSE specification to the IESG, for publication as a
Proposed Standard
  Jan 2016 - Submit COSE constrained-appropriate algorithms to the IESG,
for publication as a Proposed Standard