* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Cose Status Pages

CBOR Object Signing and Encryption (Concluded WG)
Sec Area: Roman Danyliw, Benjamin Kaduk | 2015-Jun-03 — 2016-Nov-29 

2021-04-09 charter

CBOR Object Signing and Encryption (cose)


 Current Status: Active

     Ivaylo Petrov <ivaylo@ackl.io>
     Matthew A. Miller <linuxwolf+ietf@outer-planes.net>
     Mike Jones <michael.jones@microsoft.com>

 Security Area Directors:
     Roman Danyliw <rdd@cert.org>
     Benjamin Kaduk <kaduk@mit.edu>

 Security Area Advisor:
     Benjamin Kaduk <kaduk@mit.edu>

 Mailing Lists:
     General Discussion: cose@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/cose
     Archive:            https://mailarchive.ietf.org/arch/browse/cose/

Description of Working Group:

  CBOR Object Signing and Encryption (COSE, RFC 8152) describes how to
  create and process signatures, message authentication codes, and
  encryption using Concise Binary Object Representation (CBOR, RFC 7049)
  for serialization. COSE additionally describes a representation for
  cryptographic keys.

  COSE has been picked up and is being used both by a number of groups
  within the IETF (i.e., ACE, CORE, ANIMA, 6TiSCH and SUIT) and
  outside the IETF (i.e., W3C and FIDO). There are a number of
  implementations, both open source and private, now in existence.
  The specification has advanced to STD status.

  The COSE working group will deal with two types of documents going forward:

  1.  Documents that describe the use of cryptographic algorithms in COSE.
  2.  Documents which describe additional attributes for COSE.

  The WG will evaluate, and potentially adopt, documents dealing with algorithms
  that would fit the criteria of being IETF consensus algorithms.
  Potential candidates would include those algorithms that have been evaluated by
  the CFRG and algorithms which have gone through a public review and evaluation
  process such as was done for the NIST SHA-3 algorithms.
  Potential candidates would not include national-standards-based algorithms
  that have not gone through a similar public review process.

  The WG will produce documents for new attributes only if they are in the
  list of deliverables below.  A re-charter will be required to expand that list.
  The WG is expected as part of normal processing to review and comment on
  attributes that are not in charter but are of general public interest.

  Key management and binding of keys to identities are out of scope for
  the working group. The COSE WG will not innovate in terms of
  cryptography. The specification of algorithms in COSE is limited to
  those in RFCs, active CFRG or IETF WG documents, or algorithms which
  have been positively reviewed by the CFRG.

  The working group will coordinate its progress with the ACE, SUIT and
  CORE working groups to ensure that it is fulfilling the needs of
  these constituencies to the extent relevant to their work. Other
  groups may be added to this list as the set of use cases is expanded,
  in consultation with the responsible Area Director.

  The WG currently has two work items:

  1. One or more documents describing the proper use of algorithms.
  These algorithms must meet the requirements outlined above.

  2. A CBOR encoding of the certificate profile defined in RFC 5280.
  It is expected that the encoding works with RFC 7925 and takes into
  consideration any updates in draft-ietf-uta-tls13-iot-profile-00.  The
  encoding may also include other important IoT certificate profiles like IEEE
  The main objective is to define a method of encoding current X.509
  certificates that meet a specific profile into a smaller format. This encoding
  is invertible, so they can be expanded and normal X.509 certificate processing
  can be used.  The data structures used for such encoding of X.509 certificates are
  expected to produce a compact encoding for certificate information, and are
  not necessarily tied specifically to X.509 certificates.  Accordingly, a
  secondary objective is to reuse these data structures to produce a natively
  signed CBOR certificate encoding; such a structure is relevant in situations
  where DER parsing and the machinery to convert between CBOR and DER encodings
  are unnecessary overhead, such as embedded implementations.  The possibility
  of a joint certificate artifact, conveyed in CBOR encoding but including
  signatures over both the CBOR and DER encodings, may be explored.  CBOR
  encoding of other X.509 certificate related data structures may also be
  specified to support relevant functions such as revocation: Certificate
  Revocation List (RFC 5280) or OSCP Request/Response (RFC 6960); or certificate
  enrollment: Certificate Signing Request (RFC 2986).
  draft-mattsson-cose-cbor-cert-compress is expected to be a good starting point
  for this work.  The working group will collaborate and coordinate with other
  IETF WGs such as TLS, UTA, LAKE to understand and validate the requirements
  and solution.

Goals and Milestones:
  Jun 2021 - Adopt draft for compressed certificate encoding as a Working Group item
  Dec 2021 - Submit draft for compressed certificate encoding to the IESG for publication

All charter page changes, including changes to draft-list, rfc-list and milestones:

Generated from PyHt script /wg/cose/charters.pyht Latest update: 24 Oct 2012 16:51 GMT -