Markdown Version | Session Recording

Session Date/Time: 27 Mar 2023 04:00

cose

Summary

The COSE working group meeting covered a wide range of topics related to cryptographic object syntax encoding, including post-quantum signatures, key representations, claim inclusion in headers, certificate encoding, homomorphic encryption key handling, merkel tree proofs, and COSE profiles. Discussions focused on standardization efforts, key representation challenges, security considerations, and future directions for COSE development.

Key Discussion Points

• Post-Quantum Signatures:
  • Discussion on integrating post-quantum signature algorithms (Sphinx+, Falcon, Dilithium) into JOSE/COSE.
  • Concerns about key and signature size increases.
  • Need for clarity on parameter sets, especially with Sphinx+.
  • Debate on waiting for NIST standardization vs. provisional implementation.
  • Coordination needed across different working groups addressing post-quantum cryptography.
• B Key Representations:
  • Discussion of compressed vs. uncompressed public key representations for the B curve.
  • Considerations for compatibility with existing libraries.
  • Importance of aligning key representations with signature algorithms.
• C Claims in Headers:
  • Proposal to allow C claims in COSE headers for use cases like encrypted content identification.
  • Working group expressed readiness for last call.
• Sea Encoded Certificate:
  • Updates on the draft for encoding X.509 certificates in COSE.
  • Main To-Do item regarding Online Certificate Status Protocol (OCSP) encoding.
• COSE HPKE (Homomorphic Encryption):
  • Updates on draft version 4, including changes to key representation.
  • Discussion on open issues such as supporting different HPKE modes.
  • Concerns about the broad consensus of the working group.
• C Key Jwk Hpk Ekm:
  • Proposal for a JWK representation for HPKE keys and related key information.
  • Discussion of potential contentious points, including key type definitions.
• C Header Parameter For Earth C 3161 Timestamp Stamp Tokens:
  • Proposal for a new COSE header parameter to represent RFC 3161 timestamp tokens.
  • Positive feedback and support for adoption.
• Merkel Tree Proofs:
  • Discussion on representing merkel proof data structures in COSE.
  • Challenges in handling merkel tree agility.
  • Concerns about the potential for confusion around the term "proof."
  • Proposal for a registry of tree algorithms.
• COSE Profiles:
  • Proposal for a COSE header parameter to identify specific COSE message profiles.
  • Concerns about scope and potential complexity.
  • Discussion about related work in other working groups, such as ACE.
• Media Types:
  • Question of whether plus C should be used.
  • Plus C is for a C structure suffix.

Decisions and Action Items

• C Claims in Headers: The working group agreed that the draft is ready for working group last call. Chair will initiate last call with mailing list confirmation.
• COSE HPKE: A review team consisting of Tim H., Lawrence Lu., and Kirsten Mormon will review the draft. Reviewers to provide input within approximately six weeks.
• C Key Jwk Hpk Ekm: Chairs will put a comfort option on the list.
• C Header Parameter For Earth C 3161 Timestamp Stamp Tokens: The chairs will send a call for adoption to the mailing list.
• Media Types: Discuss plus C on the list.

Next Steps

• Authors to address feedback from the meeting and update drafts.
• Reviewers to conduct reviews of COSE HPKE document.
• Working group to discuss proposals on mailing list.
• Chairs to initiate last calls and adoption calls as appropriate.