IETF Logo Mail Archive

[saag] JOSE WG Report for IETF 125

Michael P1 <michael.p1@ncsc.gov.uk> Thu, 19 March 2026 06:17 UTC

Return-Path: <michael.p1@ncsc.gov.uk>
X-Original-To: saag@mail2.ietf.org
Delivered-To: saag@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 97F98CDAB448; Wed, 18 Mar 2026 23:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ncsc.gov.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wO5j3wcZWqNq; Wed, 18 Mar 2026 23:17:28 -0700 (PDT)
Received: from CWXP265CU009.outbound.protection.outlook.com (mail-ukwestazon11011001.outbound.protection.outlook.com [52.101.100.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E3606CDAB423; Wed, 18 Mar 2026 23:17:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rUgqQAQZVWRmmEpe5ybiL0gLI8bc5qdplfw/mBJQ5eusr8rV7SDPKiP38JZDi0UkfnJDYIR6t8odIC6/TLaxCA9CeBmaHgmWGkLdL9sxy5baEr4VQsoaYncKqLS+8Bf47BVL9AxsFvL+a6+VciVvFNzlnY9HGCIAFIrZ8PSp5Qvsv22nU9mRqeXCLUhYvfuMj6rmB2FdobfTPSvyLfBgUADyHkQGIHVgrP4SwLoo5DGJmAxYbJFarPorK5aBmn72ltBsns58U2IJKPpQJ9ohduvMOpdiqRxGVAZwF49wp6nmQ0JA/oTKvN3eicHU1WdfhVJ7P67j64U1Hm7LaOApfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eWTtNu+8pcDOxLQQbuSdtyiGnBqftDJsYz+cBNvM2RY=; b=V4y1HoZn/nzi+ULQwODRlBu9+4UtC9k3uYQQHtdhdYarIsAih0+5X1PwJWtIY8gZ/CyeqtP/kNEPj8bTQMJ753FwS+7Wd4yhAabCWn2NMJXFaFv+1vrfzixS5YNK3Y3RppXr2gLFGhpGPoAuHtkbRPCAbyg2wp9lCs3qGyYdfAyBfrhxrYUEJfCiiVp7QuEDquyXGvGiicsu8BVOHspbbM1P4DDogONr/gI+0debFsB5PkmIRYbTbA/gxCnamNj6K3Oi+STSszk052ylUFGdLkHztglWTobYG5pls3ch/3AOvxXTU6jW0Jvg9uuaYVFvxFZpqOWKRdpINivXG6iGnw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ncsc.gov.uk; dmarc=pass action=none header.from=ncsc.gov.uk; dkim=pass header.d=ncsc.gov.uk; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eWTtNu+8pcDOxLQQbuSdtyiGnBqftDJsYz+cBNvM2RY=; b=euutPb0gSkUh2v3mwW4/E5KJ8PDLCcjmAhfeMyUAOPeiMmjVn1PDUK8LVa+jeaXzX4z2QPbShpoA/1+5UzYKCCMkDkL2dTpEVr+5cJhaOKWUAk/xDFYFy0SLOzz2/BrFuTUGKUYIbo3xXgC1gvy9SC4MF3IgLPE4iEbDQgLMc8EMFuG8w7yx3PE8u7k3VqwwXffDAFRIvPAjEtlVOntu8/fsYFfjErctCVglFP6x1QWzg/fSOdff8M7XkyS4QSLESPW2fzIkcWI3aEOd2E6kpxWfJb8ngxqPPh8rEeC2Y7HUYP74o3VCNwlW+vrePyo5ZirXYslkXJILR0RdUpN/vQ==
Received: from LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:174::5) by LO2P123MB3837.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:143::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.19; Thu, 19 Mar 2026 06:17:18 +0000
Received: from LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM ([fe80::bb05:eb1e:b640:a08a]) by LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM ([fe80::bb05:eb1e:b640:a08a%3]) with mapi id 15.20.9723.018; Thu, 19 Mar 2026 06:17:18 +0000
From: Michael P1 <michael.p1@ncsc.gov.uk>
To: saag <saag@ietf.org>, JOSE WG <jose@ietf.org>, jose-chairs <jose-chairs@ietf.org>
Thread-Topic: JOSE WG Report for IETF 125
Thread-Index: Ady3Z+jS9cI01TB9RSOMa5xXZbkt6Q==
Date: Thu, 19 Mar 2026 06:17:18 +0000
Message-ID: <LO0P123MB399497701DB77579EE1D575A8F4FA@LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_ActionId=b059cbcc-b6d7-4623-a7ce-50bfa28edbba;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_ContentBits=0;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_Enabled=true;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_Method=Privileged;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_Name=OFFICIAL-UNMARKED;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_SetDate=2026-03-19T02:07:01Z;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_SiteId=14aa5744-ece1-474e-a2d7-34f46dda64a1;MSIP_Label_baa80bfd-e3bf-43fd-adc3-f03d6b80e814_Tag=10, 0, 1, 1;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ncsc.gov.uk;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LO0P123MB3994:EE_|LO2P123MB3837:EE_
x-ms-office365-filtering-correlation-id: be7464a8-c812-430c-b8bd-08de857f2c78
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|19092799006|1800799024|366016|13003099007|38070700021|8096899003|18002099003|56012099003;
x-microsoft-antispam-message-info: APThFHTv3VkUdy+AGi1tAv5iM0Nfey224NKkccjCXzycZt1RXtHnJgWgpRkSWVFEKMVqj+vkUoejRehePEsSgQRrBhHenbSbXj8STUW9U4ZR1XWKxxtO1/gSsk8basn16tGt8YWnrAszt1Sh5Iv7cFvW98s8uT3x4vHRz6zHeMh/iSw1+PVT4JGQC581cycESTJiOGtmWRGXmYCYBt4WzVcog3SJ5zFEkk6nQzkQdalK8qZB6+C6oJPWpUDEwnK8l5iodkzPDN8+QbYyPyL+Ac0Np1fIkc6OgkWAU8/q9aLtdGy2/uzFynQmqeF/j+6TId9BfSaYnQprRDGqZcxZEv8Nc4G5JwtrKAyqTgd9mRJQymbvN+3oPqXa2VR5u6ra78Jajc73XXxBGgd85o4emPH+vvePaPVrcDKSKajCtp9RDBCEA8ydnLgfFNvlLiBUDn0cYnLbGFnACMbFDaNpZEbBRPhs+1x3KO5EnerlvKvw93KeRtCUKPx+L+zYsYUO+m4efnpmcM/i4yjxPilyQ78VKYVG8S1RLjBqQuzm836bgXBE5QbclZLc8zPW2ECBh07xXgWT+F55I7nvHd7DBIgvkm2nWZK0gBw6Cvic79P2thGC09LVpp2zLtx38OSwdGg/JJAz5iM4FLFgeeiftQGqQ9Hbl1Rw6Xj/BOWuLcv0LPXdbdK7m0BBo3PvMVZOIFjLvr/yJUw5hrXIsMtbNaoAGZSkCyBehbmkNELLxQw2mG8wKHicaUMm24PCITxlzcIlhDl+aLhLEUPTPecVxaxhu59jzoqIzaixthH+QJM=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(19092799006)(1800799024)(366016)(13003099007)(38070700021)(8096899003)(18002099003)(56012099003);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 6YXQ9/czCw42cEuK1wykR4tjZEsYtgR77zOTOpUgw3SJwhvBOJxqG7zoUU0xb5kGhmoq39beuwTAB2OutZP6QIYIXbP1bqkr2ZWrgF8jwy0pciQyPmscT+1BI2FR0gqU02+gMUY/qGduFchjBJVq5Q2nGrWWFhl1TC+EyDUkV/G9FA3EzpYECGkWR7n7H+wWf/+MzCKPXN1vG9i7f5HqwbF/DiZd0EdOa7yTkg7XamX+TdByreLAcbL++lbbj5bxPjUzT0d6OcIV7ahVcT9L7DOWaf2zyMkOeEiuExIn2ohbvUDCAHsDLYgwlvWjc2FConB+H75fAUmH7hru4qsC/N3+GeYtW4xsnMnKMd3xM12AfjDxx6sb7JhMcFhCF3Won5TlMKr3AnQtWOJOat76mmpPudlrrtm3lXH2c+JoqKJ2XTbg7Gzwd8cnTsF2T3WklPs3bGh7kO6+ZPAf+XEqMyyGkP/CX1NBw/KQj7Ppk8dY7zbyUGSGyb3hnDT7Huz+XVgJ4Ut+WTH04eSs7SUrpbOEYFHdrQuzt/JnQhdOFvhTuOrhbdewVWD/qVhwbjBzXOC1iFIEG5xhkp16vrhFF3q4v1KB5q/ucvqleGrsehamRYlDNN4vjmmX6YGDg7Yn+vgE+q+4mBnERoYyNa2nFySHZ4lF0y25r+XsHQgsdojzm1N/tGzCb1NjWde9aLaAaYVFlw3f4KgweyuBwRvaz1VK0DNF5y1qoZjtoNoJvVd/Rx/XV8KtvgKSKnVRgfJTi3a/3jFK0jPnGTz/d6OYp763VlJ+CNkoJ8ODhh7Bv/PjcxZDBaRXkyZ8adXlO3eo3jDPcbMaxHIS+n/KnlhYGCccEEq69COiNBnGD7sacIb2Hp/IG8d28uvDVMVp+t7hWBrATniBjBhXIOIKkQlFGJzcsrHtGaZoCF8c64mHlfGjYQGqz8NT7W7j5KuzdeZkTAlKwSOlW5stnFrWRDWUAmy8kvaiHRYLGA2U0gxc3OH0l597CtSZ4GFy7hPEsre4dMv0P5m6U6Vz3jajDxL6mNQuPKRKvRRsn2bA1dDgQXKIqbi99b5EnwevAjX76qIsnHsGcCiGGz5HI1dePUr9YcllV/cL421qMHmcH6dz6ViLdE7+up/EQNEWwSrckeLGppMqbPil+TThCLQngsyidT9PUHqitP6GVI1ewDwLRHi/aQ+FGFIwZo0sNh/6Gr5+fSqfEn3PGVZStQB2E8Rfzj6O1GK5JZqfDueNmrWa5XIhFaUBnRGt1UR+Ry23G6Wd5/0tgXG5+o+1MeYC0K24Dmk6uO3nBYMs8SNILm8V1GImNmZHUG0ZfmpgtyL+t4vHwHCEno2SEYfkNceMiF3SYEQtpyFDAcLIP9F+bQ/0/pWfOJPedoPqiHl4UdgLeDO98XZ2xTsszu2/RcohaTrcRuJJ8Vp4RpZUyvOR8QZgZzRidV3ssSVkP6PXiQuWPIAnhsA1HyFVz8yB5ZR1bLJOwrUTQI1di0ZeY7h2d6NElo0SMpjDpN0rA/6mvW/iqeXepkBy9v+C+DlDY4bZKVpx15boQBCu8GfiuFmk8N3gc8XbvGr/dT/QP1817sboKNQkt3LW7KTd95Ch8FIfYTE5FG/pGmMkwfaNka/yGlhpgTGo0W153IM/cjwiV2taScNdU0zRQfjzKKEcuq1of1HcPxyIlPup62MQQb8T9rO+Rg7fXx3VAw93LgtEFcbhlR9yPtFxY1pmD9Xo2+AtBnmmlg==
Content-Type: multipart/alternative; boundary="_000_LO0P123MB399497701DB77579EE1D575A8F4FALO0P123MB3994GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO0P123MB3994.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: be7464a8-c812-430c-b8bd-08de857f2c78
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2026 06:17:18.6270 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 3DhktXEY/f8l4nA6a/cewiEbcePnwCp2dEeQgYpY69uZT3bDHmQfZXKJhcdtnFlRheOQCqLrNGT45CRXjc9k5hisqpsw42HU9aStil6ODgo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P123MB3837
Message-ID-Hash: KSDDNV6YT5O54MF4YN6ZRPPU6GQAPDAJ
X-Message-ID-Hash: KSDDNV6YT5O54MF4YN6ZRPPU6GQAPDAJ
X-MailFrom: michael.p1@ncsc.gov.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] JOSE WG Report for IETF 125
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/rrKJv6zeIjL83z3cjbcZcLabn5U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>

The JOSE WG met on Tuesday at 09:00-11:00.

All adopted drafts were discussed:
Use of HPKE with JWE (https://datatracker.ietf.org/doc/draft-ietf-jose-hpke-encrypt/) has recently been sent to the IESG for publication.

JOSE: Deprecate 'none' and 'RSA1_5' (https://datatracker.ietf.org/doc/draft-ietf-jose-deprecate-none-rsa15/) was recently discussed on list. There were no objections at the WG session to begin a WGLC soon.

JSON Web Proof Drafts (https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/, https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-algorithms/, and https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-token/) have been updated and further feedback was provided in the WG session.

PQ KEMs for JOSE and COSE (https://datatracker.ietf.org/doc/draft-ietf-jose-pqc-kem/) has been updated following feedback. This prompted discussion in the WG session regarding the path forward for using PQ KEMs in JOSE which will continue on the mailing list.

PQ/T Hybrid Composite Signatures for JOSE and COSE (https://datatracker.ietf.org/doc/draft-ietf-jose-pq-composite-sigs/) has recently been adopted and updated. Further reviews were requested.

Two individual drafts were discussed:
JOSE HPKE PQ & PQ/T Algorithm Registrations (https://datatracker.ietf.org/doc/draft-skokan-jose-hpke-pq-pqt/) and Post-Quantum and Hybrid KEMs for HPKE with JOSE and COSE (https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-hybrid-hpke/)
Given the similarity in goals of these drafts, the authors will work together to identify a path forward following discussion in the WG session.

v2.46.0 | Report a Bug | By Email | System Status