**Session Date/Time:** 07 Nov 2023 12:00 # cose ## Summary The COSE working group meeting covered several key documents and topics, including the Type Parameter draft, key sampling, C509 certificates, HPKE, a BCP for JOSE/COSE implementations, hybrid key exchange, and composite claims for CWT. Discussions revolved around algorithm selection, parameter usage, and potential overlap with other working groups. Decisions were made regarding working group last calls and further refinement of drafts. ## Key Discussion Points * **Type Parameter Draft:** Discussion of wording refinements related to content type parameters. A decision was made to initiate working group last call if no further comments were received by the end of the IETF meeting. * **COSE Key Sampling:** Updates included support for symmetric keys, CWT confirmation methods, and a key sample URI. Concerns were raised about using OAuth-specific language in the URI definition and the choice of hash registry. An alternative using the COSE registry was suggested. * **C509 Certificates:** Updates included compact representations of common names and CSR handling. Discussion occurred on splitting the revocation-related content into a separate document and whether a new adoption call was required. Concerns regarding the lack of code to convert DER to C509 were raised, along with savings with regards to post quantum algorithms. * **HPKE:** Discussion focused on reducing the number of cipher suites defined in the draft and on the context information structure. There were concerns regarding standardisation of referenced algorithms, with a debate on which algorithms should be included or excluded from the registry, and when they are RFC standardised. Key representation was also mentioned. * **JOSE/COSE BCP:** A proposal for a BCP for JOSE/COSE implementations was presented, and suggestions for additional topics, such as key identification, were discussed. * **Hybrid Key Exchange:** An early-stage draft on hybrid key exchange was presented, focusing on the transition to post-quantum cryptography. Concerns about the potential for one library not supporting both LAMPS Jose and Jose solutions were raised, as well as the choice of KDFs. * **Composite Claims:** This highlighted the need for logical claims, envelope claims, and a "quit" claim for CWTs. This stirred debate regarding the purpose of the claims. ## Decisions and Action Items * **Type Parameter Draft:** Initiate working group last call if no further comments are received by the end of the IETF meeting. * **COSE Key Sampling:** The author will fix the issue of "conferencing" using a more neutral wording for OAuth descriptions. Further discussion on the sample print URI is to continue on the mailing list. * **C509 Certificates:** No immediate decision on splitting the revocation content. Authors will discuss potential separation and determine if the working group needs to decide that or not. There is a request for a code base that allows for DER to C509 and back transformations. * **HPKE:** Recommendations on the registry choices should be sent to the mailing list. * **Composite Claims:** Revise the draft, taking into account feedback on logical operators, data structures and nesting requirements, then ask for adoption on the list. ## Next Steps * **Type Parameter Draft:** Await feedback and initiate working group last call. * **COSE Key Sampling:** Authors to fix wording issues and discuss URI scheme. * **C509 Certificates:** Address remaining issues, update ROS implementation, and assess readiness for working group last call. * **HPKE:** Resolve remaining issues, particularly the number of cipher suites and key representation, and align with COSE. * **JOSE/COSE BCP:** Solicit further suggestions on the mailing list. * **Hybrid Key Exchange:** Continue refinement, focusing on choosing the right KEMs, cyber perspective. * **Composite Claims:** Revise the draft per feedback and request adoption.