[jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

Michael Jones <michael_b_jones@hotmail.com> Sun, 03 November 2024 15:17 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53CAFC1DA1D3; Sun, 3 Nov 2024 07:17:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.232
X-Spam-Level:
X-Spam-Status: No, score=-1.232 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uOb5I4UjLbv1; Sun, 3 Nov 2024 07:17:00 -0800 (PST)
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02olkn2067.outbound.protection.outlook.com [40.92.15.67]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D391BC19330B; Sun, 3 Nov 2024 07:16:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=emuuIB8lscCNXI5uEyU0WocXqVljjmUMox0t74guKrwQwNtreo/WySTjSRBpkMGGhs6WdPoE8mruCtNSyMdZiliTj2J7BMNOYQtVz0xIeWiZwDBYdAbex4texZvZas0jvEPMRPyQvElJ/hYwVgAggVExkxsDPBrShlF8I0N1cIx+rtrASRHiCcLAPvLHHwjQh1ERZHlh/untJLwMQTvLBVwQphf4GRkDBFJR93wQJr2Qlb2xc+dvNktaEuc9u4DaktA4XpmpLAjhPhJpkVNsHAvxIBJrfVks1CoCXvG0RD1HbaaVLFZclwZpFGz4koK2DtBjSKtNlVAyVovGddf+Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8/fqRPDRrJFl7XclQVuNLC4RU4xSQ5RKsKyAb2OAY5Y=; b=iVFUuwm7iQ+UEDAgd7+/aVdY3fN3VLenPySI9foM9aQ/92TFdsz5EMlaGR49yUiTS0XuXJ7LKxLjyMQPuoAasSqQeHC1pPO9SNyqUzTEp263W/4maw1sSg0xNubS/n5BhzmTG8SOokOwgphS3D2lKvpuJP1W+bNNwWNZzMonByUpqTIAToQZrPRvrHUVvCGVuuJ0VuUsUcvYxZ97BD28QmP5ptzWemN64oQQH08cbyDkYzgQhB1Ke9FbH7+JDnyAA2aSYTLb08kj3FzC+HLJpl0DgizLI+fWnD5Og2SU4MeYdKfkbPBsnuFimC+mq6JLkUm+ihd28PmjyTNTPDkOiA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8/fqRPDRrJFl7XclQVuNLC4RU4xSQ5RKsKyAb2OAY5Y=; b=aBuB+lXIkN7s8JqiB9JWpwqZ2hNbxFRgaEjAX6Q81BGc0nUZ+s2E7eLN+5r4fUO6j/37TZmQt7jcYSRrm4plPPXPJVOVmYE4aYyXanA7RK92XMD2PDUzvIqfwfWV1GVjpdELzVlD6jgXMjSm93p2bVS9180K45HEKbO8fDrVW+dsk9svZqs7BRelVOd596wErlZylq9SMMU0AJ4NLhYFOXVXpExdslxIBhzg0VYt2KZFXtXXlbIrYHtLafda06az93YWUkT9d1cJQvJMxycCS4i875bzlp9M8Gl2wXx/Gkm1ceCs0CAqckNYm7jc9sOTdKRjtt0BssjtmgMHHN7ZiA==
Received: from BN6PR08MB3491.namprd08.prod.outlook.com (2603:10b6:405:6b::27) by MWHPR08MB10278.namprd08.prod.outlook.com (2603:10b6:303:282::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8114.28; Sun, 3 Nov 2024 15:16:56 +0000
Received: from BN6PR08MB3491.namprd08.prod.outlook.com ([fe80::df58:b0fe:54b9:ebfb]) by BN6PR08MB3491.namprd08.prod.outlook.com ([fe80::df58:b0fe:54b9:ebfb%4]) with mapi id 15.20.7962.022; Sun, 3 Nov 2024 15:16:55 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>, Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [COSE] Re: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Thread-Index: AQHa/23PmRDiICO/FU2GYY+WZ7tKNbKQROPwgBCySYCAA5jhAIABaZrQ
Date: Sun, 03 Nov 2024 15:16:55 +0000
Message-ID: <BN6PR08MB3491CD93628C14D7458596FBB7502@BN6PR08MB3491.namprd08.prod.outlook.com>
References: <CA+mgmiOEbk9qjDwNTu198QVWAGqcuKNSPd2F-YtngcLZwjunZw@mail.gmail.com> <GVXPR07MB9678C278636D28A01AA85C44898F2@GVXPR07MB9678.eurprd07.prod.outlook.com> <PAXPR07MB88443BE71B6DDC81F845A2BDF49D2@PAXPR07MB8844.eurprd07.prod.outlook.com> <PH0PR07MB9077667AEB45E11B29D50D3AB7432@PH0PR07MB9077.namprd07.prod.outlook.com> <PAXPR07MB8844FA40C9236C28108C0BD0F4552@PAXPR07MB8844.eurprd07.prod.outlook.com> <0513c0cd-c6e9-49a1-abbf-6553a4d3f336@ri.se>
In-Reply-To: <0513c0cd-c6e9-49a1-abbf-6553a4d3f336@ri.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN6PR08MB3491:EE_|MWHPR08MB10278:EE_
x-ms-office365-filtering-correlation-id: c7b96d04-7dcc-480b-1bfd-08dcfc1a8da5
x-microsoft-antispam: BCL:0;ARA:14566002|12050799009|19110799003|7092599003|8060799006|15080799006|8062599003|461199028|9400799024|56899033|1602099012|10035399004|4302099013|440099028|3412199025|102099032;
x-microsoft-antispam-message-info: Y1cXZZ6cwvoQ4J+57cSQsdnD0C7Fu5g83xuRRLhjeL/gu73n2k3ovP+C5ioU6GUk0k9Zbyj7c6EHwkasgGhcxfLmv/BRIZoA1wztVZbr71pzzwpOX0wG4+t+3lljD8k9ru/A21piB+L6Gf61K8KVavNr8od1QR1UnknB9TOYk7GM9MZx6UJ0R7SqGjB98HiPI4XoKzGYct6yiT+OwgyfZSgzIOk9XXeryqTGsm0UxctIeMnBigLj5966jX56Wwerduen3L9XVVU7Fc9g7GugMB/2fNlS4NVjWLbS6JI+GHpaJmgBsSCfmoxUhGv/5Aiyh9iWNr3kdazn3uLou4q59CXVBXc15Kh6pXH9pRv0pjASM0QEqYSEd3EF8AfslZFSMfliVMFZ8kPgjsA8xzGQ5DxqvAOeSx+cjTaYnbdSGpGexRAxFvh346Y6L1L7s4JwUXlldYaGN0sJ9/Vz0U5Fl8+3BTDgLTosi91LDFsGNDp0de8/4PMXA0c5CXZpBANSdVJPx4Vz/IDKf1sGzEj3RPwpnCG+BPBz6G8dOg7vSiw6FF8NHTI5N0lIvWYrJZJCbDZ1RsjlRu6970WXSXTVuycNvPlYxluv+tBy0WUYYpD6QRvw3FBoUHpBElR24vbeER+q42miqs6YDwNJL8+EVv7w9PBVjPMd9Ameg5pKHHt+NTuPTBZHpU28jHhTA3kakN2XG7qpvIVCo79UPiy0PZ02KX2gFRFYLfj58hiD6ykp2/CCIw28/52u0BPfNhJMDAxiatUk91464KOx0giv3EdUXsHwNfDV3pNrOVGhZdVzsuvhh6sK/bpnzRdMHLwPIwO4f/3PHi1bFwGcrxV/1gDonkdNZHjbO4cJGD3ZI7mF5HH4Nkl85doOa/0NwCp/UR9V3BUcK26NyAm1vW2bkMiA86dVF/W8cPZxprz4kMZIO5+82/HgOwFFJN8leQUJNzeR8u8/g0W2f6IYvFn9ETLDfoixo+zvUqcDhYVbr21HQvN0jMCoTn5Doean8m8f+JfXUEO1epnB2FwmZ49GJl63pAcPXri+yk0JOjx5DfLlc72pkM1estU0ButfC7ZapoOgFsp5PjchuusXtuzLVhJ/0htR+HAzScol3pBglEJ5UDu9YXr1q7Obcr75tYMmsF4w/y8S4Iw8NeyabMtLtwcgVMjhXP9rq6XaVofWDEPukbdcATu5AVFl2o4o0YPcKajWBqALAk0VLVPM6tuH8w==
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8w7yYpW0skg0R3YWItDyt9lN9fh75g0TecFHOVp0Hw9CTWqgWj4bO0YViMcGti+cYPU4r6zuUY73TcjZXhYhSS+W0aaS0axAoL1u2zgLvJRVmF86+KvCg7qHUbDyGZBo6Jpjhh4CHGdkhy/O+/ipHiR3zBYMnRMZtHrVgw/jqteefWqxB80bWLT1qXFgHErhErxSJIoFRjLInn160a12vqaqipKGTdvdVBPnG8oboDF5LjeORWrxYn25KO1VX2NtQTyaxUek8N7KtsPUAPviQn1AV86zK8yp6BnDYwx37mHQ6hwKf5spJDyhVYmlzbmnbovcKkwGwG4ExkbALRsuv5E7A8cDO4Nr5BkMhpg3ENW1w7VKDNZLbYcVYZWaETGP0PiPNrlxsjN0trjELl9a4tkiupta1/ORK+XTmK77OKeAuzehNllnVTCeCa4IHMjGcjahDiPmylOlANNW4DlS9MCxa6/BgOkJiHlluWe5euPrXOQqnSPeN+BAe6CFGgjaqzRK7MEN4A/PYrUOLYg4H6OmvvioNh+ND1IruiPNx2rn4wMhCGI3FVjYl4qk++rMHF5o2akO6k0B02f9xuKLs4dX7/HkAyofZNpHCJBXx6404cKhYxnJosJzOEVzxcX6XyphLBXQ9WEIjmihUkMjUADjVQme2Z9Zy7uLvcuB+oyigwDAeIpeZ+hh73xtDInm1OGNhq70uXX5oMZvwHvnYwxFeDxkBFRFMFfhhOL00r6YEvwQuNN6czu23inSRjTZrCaYw0vpODDnafeXU8W71uk38Vw1B5xA33syQhFOSdak1rEXwSlzWaH01FSNfEgUJH2YhbD7k9XLCkpOmT//q6sRnx4Y3ADKbX1Il0XuFkkrWgItdKVP6QXwLeCRZXGS3FMOlLJ0JBCk0Q8BL+EI+rsFZgOJyC2dNOEt04FNJTpqE51IeUgI7ElBx98wMmGJexJngIjDs7PtlAdPSR0+ss2TzSqNKs/JaWcn09QiAgQW/v7B4so5n6Kch5VIxWDXnyvht7t56oBfmTO8aDnTSo7+jeexzovjBBNeqwbVoa3n2DKe1AZK/kGaA28pDFdRXeup4V4cFFDocoEkVhxgv6hRSvcSWUQHY4fXks4D9ygbdVUNeU9c51DIakuGOKN8ZrdIbpeijmi3SAPrPGoMBO3jMawU+r8+SXw+0rOCF7Plp+USbcrsd7e5FjQaY3pHoLtFkKgDiMHxy3J7CdS5kCcc7TVgzlGe8gkATDfp40Bflbc7SxUHGISiYGbiM777F7ASk5yed8iIZEzFCjxDDxudhWcnpoggcKUTko/uQMI=
Content-Type: multipart/alternative; boundary="_000_BN6PR08MB3491CD93628C14D7458596FBB7502BN6PR08MB3491namp_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7741-18-msonline-outlook-200f4.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR08MB3491.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: c7b96d04-7dcc-480b-1bfd-08dcfc1a8da5
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2024 15:16:55.5323 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR08MB10278
Message-ID-Hash: IKCGBJGXPO7FQ73KJC6ZJXZ567N6RY3Y
X-Message-ID-Hash: IKCGBJGXPO7FQ73KJC6ZJXZ567N6RY3Y
X-MailFrom: michael_b_jones@hotmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/IjogioYqN9l7wEsiigFx1R7g8V4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

Thanks for your thoughts, Göran and Marco.

We added this qualifying language to the Deprecated definition exactly to make it clear that situations like that for EDHOC are fine: "unless there exist documented operational or regulatory requirements that prevent migration away from the deprecated identifier".  Göran, as I see it the "operational requirement" that EDHOC has is that the existing EDHOC cipher suites be used.  I'll note that these already appear to already be fully-specified.  For instance EDHOC suite 0 specifies that X25519 is used with EdDSA.  So I think you're already well covered by the existing language.  I don't see a need to call out EDHOC in specific in the definition, as its situation is already covered by the general language.

Marco, I'm not comfortable with your proposed language changing the qualifier to "unless the deprecated identifier is used in constructs that fully specify the cryptographic operations to be performed" because that's narrower than the existing qualifying language and doesn't cover all the use cases.  Remember that the definition is intended to be general.  There are lots of reasons that an algorithm identifier might be deprecated - not just because it isn't fully-specified.  Indeed, the recently adopted draft-madden-jose-deprecate-none-rsa15<https://datatracker.ietf.org/doc/draft-madden-jose-deprecate-none-rsa15/> is an example of deprecating algorithms for other reasons.

That said, I'm here at IETF 121 and would be glad to talk with both of you in person to work on refining the qualifying language in the definition.  I would want any revisions to it to be general-purpose, covering all the use cases, and not be specific to any particular specifications.

                                                                Best wishes,
                                                                -- Mike

From: Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>
Sent: Saturday, November 2, 2024 4:51 PM
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>; Michael Jones <michael_b_jones@hotmail.com>; cose@ietf.org; jose@ietf.org
Subject: [COSE] Re: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

Hi all,

I have the same concerns that Göran raised on the definition of "Deprecated".

I find the latest text from Göran to be better and more appropriate. Building on that, I suggest a further, slightly shorter version:

NEW_MT:
There is a preferred mechanism to achieve similar functionality to that referenced by the identifier; this replacement functionality SHOULD be utilized in new deployments in preference to the deprecated identifier, unless the deprecated identifier is used in constructs that fully specify the cryptographic operations to be performed, for example in EDHOC cipher suites.

Best,
/Marco
On 2024-10-31 09:55, Göran Selander wrote:
Hi Mike,

My remaining issue at the end below.

From: Michael Jones <michael_b_jones@hotmail.com><mailto:michael_b_jones@hotmail.com>
Date: Monday, 21 October 2024 at 21:47
To: Göran Selander <goran.selander@ericsson.com><mailto:goran.selander@ericsson.com>, cose@ietf.org<mailto:cose@ietf.org> <cose@ietf.org><mailto:cose@ietf.org>, jose@ietf.org<mailto:jose@ietf.org> <jose@ietf.org><mailto:jose@ietf.org>
Subject: RE: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Thanks for your comments, Göran.  See the updates to the specification in https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-06.html.  My replies are inline below, prefixed by "Mike>".

                                                                -- Mike

From: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org><mailto:goran.selander=40ericsson.com@dmarc.ietf.org>
Sent: Thursday, September 5, 2024 1:30 AM
To: cose@ietf.org<mailto:cose@ietf.org>; jose@ietf.org<mailto:jose@ietf.org>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

(About target audience:  This draft is proposing to deprecate algorithms in the COSE IANA registry. It would be great if it by default was circulated also on the COSE WG mailing list to enable a timely discussion among those affected.)

Mike> Agreed

With reference to a previous thread on this topic:
https://www.mail-archive.com/cose@ietf.org/msg03799.html
The term "deprecated" is still used in this draft with a different meaning compared to RFC8996 and RFC9325. It doesn't help that you in this document point out that you are using the word with a different meaning that people are used to, very much fewer people will read this document than those that stumble on the term used in registries and understand it from other contexts.

Moreover, this overload of terminology is actually  unnecessary:

Section 4.4
> The terms "Deprecated" and "Prohibited" as used by JOSE and COSE registrations are currently undefined.

So, in fact this provides a unique opportunity to disambiguate and avoid the otherwise inevitable confusion that will come up over and over again arising from the use of the same term with different meanings. A number of perfectly good alternative terms were suggested in the referenced mail thread.

Mike> Yes, there were not definitions of "Deprecated" and "Prohibited" previously in the specifications, but I will observe that the use of both terms in RFC 7518 makes the distinction pretty clear in context based on the plain English meanings of the terms.  "Prohibited" means that an algorithm must not be used.  "Deprecated" means that an alternative algorithm should be used, when possible.  The specification clearly and consistently defines both of those terms in a way that's applicable to both JOSE and COSE.

Mike> Furthermore, and I consider this a big plus. these definitions don't require any changes to existing JOSE or COSE registrations.  Nor do they require defining new terms that were not already in use.  Many of the other terminology proposals don't share these advantages, which is why we went with this one.  I'll also observe that some reviewers explicitly thanked us for the clear terminology definitions.

Moreover, for systems that makes use of the COSE IANA registry and specifies algorithms with enough parameters to make them completely determined, for example EDHOC cipher suites, there is no need to change or abandon the use of the current algorithms. Hence the recommendation ("SHOULD") in the definition does not apply to such systems, and that circumstance should be stated as an exception to the recommendation.

Mike> We added text describing circumstances in which it makes sense to continue using deprecated algorithms, per your suggestion.

GS:  I maintain that "deprecated" is not a good choice of terminology, and it will lead to misunderstandings for example from people coming from the TLS world. But I'm happy to note that you acknowledge and describe a setting for the continued use of these algorithms. However, the text following "unless" does not capture all cases when this is true:

OLD
Deprecated
There is a preferred mechanism to achieve similar functionality to that referenced by the identifier; this replacement functionality SHOULD be utilized in new deployments in preference to the deprecated identifier, unless there exist documented operational or regulatory requirments that prevent migration away from the deprecated identifier.

GS: For example in case of EDHOC, there are no documented operational or regulatory requirements that prevent migration; there is simply no need to change or use other algorithms for new deployments because the algorithms are used in ciphersuites which are fully specified. Here is a proposed rephrasing:


NEW
There is a preferred mechanism to achieve similar functionality to that referenced by the identifier; this replacement functionality SHOULD be utilized in new deployments in preference to the deprecated identifier, unless they are used in constructs where the cryptographic algorithm identifiers fully specify the cryptographic operations to be performed,
 for example in EDHOC ciphersuites.

GS: The explicit reference to EDHOC is needed to mitigate the inevitable confusion that will come when people wonder why deprecated algorithms are used, following this choice of terminology.


Göran




_______________________________________________

COSE mailing list -- cose@ietf.org<mailto:cose@ietf.org>

To unsubscribe send an email to cose-leave@ietf.org<mailto:cose-leave@ietf.org>



--

Marco Tiloca

Ph.D., Senior Researcher



Phone: +46 (0)70 60 46 501



RISE Research Institutes of Sweden AB

Box 1263

164 29 Kista (Sweden)



Division: Digital Systems

Department: Computer Science

Unit: Cybersecurity



https://www.ri.se<https://www.ri.se/>