►
From YouTube: IETF108-COSE-20200729-1300
Description
COSE meeting session at IETF108
2020/07/29 1300
https://datatracker.ietf.org/meeting/108/proceedings/
A
A
B
C
All
right,
hello:
everyone
welcome
to
the
cozy
working
group
session
for
ietf
108.
C
If
you've
been
here,
you've
probably
have
seen
this,
but
it's
important
to
call
out.
The
note
well
reminder
that
it
policies
are
in
effect
here,
and
this
includes
code
of
contact
and
and
patents.
C
C
C
Yeah.
Thank
you
michael
for
volunteering.
C
All
right
and
anybody
that's
willing
to
help
francesca.
That
would
be
great.
I
believe
that
the
link
is,
if
I
go,
provide
the
link
further
further
up
in
our
jabber
chat,
a
couple
of
meat
equipment
tips.
That
chairs
have
found
helpful.
C
If
you
do
want
to
cue
it,
the
mic
make
sure
you
always
request
audio.
You
can
request
video
if
you
like,
but
make
sure
you
at
least
request
audio.
If
you
are
speaking,
please
first
state
your
name:
it's
not
there's
no
other
indication
immediately
available
for
everybody,
and
if
you
are
taking
your
tracking
notes,
it
will
be
helpful
to
open
them
in
a
new
tab
or
window.
C
So
with
that
out,
today's
agenda
we're
going
to
go
over
the
document
statuses.
This
also
includes
a
quick
comment
with
jim
to
go
over
an
issue
with
this.
The
8152
struct
then
we'll
hear
about
certain
compression,
more
algorithms
and
wrap
up
with
chartering.
Is
there
any
bartering
over
this
agenda
or
any
changes
that
are
desired.
C
All
right
well,
then,
moving
on.
C
So,
moving
on
to
pointing
out
some
documents
that
have
already
progressed
so
cozy
hashtag
is
has
been
published
since
the
last
time
we
all
talked
and
the
web
authent
algorithms
is
currently
in
the
rc
editor
review.
C
C
Call
see
things
that
are
still
with
the
isg
are
an
ietf
last
call,
so
the
cozy
hashtags
that
murray
graciously
took
over
looks
like
it's
approving
once
we've
gotten
a
revised
internet
draft,
it
should
have
approval,
there's
a
revised
published
waiting,
ap
review
approval
and
whatever
the
outcome
is
of
8152
best
struct,
which
there's
an
outstanding
discuss
that
we
will
be
talking
about
here
very
shortly.
C
Okay,
jim,
I
think
we
are
ready
to
talk
about
the
structure,
discuss.
E
Okay,
so
it
took
about
four
weeks
for
me
to
to
figure
out
exactly
what
jean-marc
was
talking
about
in
terms
of
what
his
discuss
was,
but
I
actually
finally
figured
it
out,
and
I
agree
that
it's
something
that
needs
to
be
dealt
with
so
next
slide,
so
this
is
basically
going
to
be
kind
of
a
recap
of
the
message
I
sent
out,
but
with
some
colors
and
arrows
to
make
things
easier
to
see.
E
So
this
is
true
for
both
of
the
cozy
encrypt
things,
the
cozy
recipient
and
the
cozy
signer,
where
that
is
actually
really
cryptographic,
content
that
is
in
that
field.
Next,.
E
E
Is
to
basically
create
a
parallel
signature,
but
for
the
max
and
cozy
sign
zero,
there
is
actually
cryptographic
content.
That
is
part
of
the
structure.
It's
just
not
the
third
element
in
the
structure,
so
you
actually
so
right.
E
Now
what
we
do
is
we
always
generate
what
is
essentially
a
parallel
structure
for
that,
and
we
say
that
is
true
for
signature,
and
we
say
that
is
true
for
both
of
the
max
structures,
but
we
don't
say
that
that
is
true
for
the
cosy
science
zero
structure,
and
that
is,
that
is
what
the
discussion
itself
was
actually
about
was
the
fact
that
cozy
sign
zero
did
not
say
it
was
generating
a
parallel
structure.
It
implied
it
was
creating
a
counter
signature
next
slide.
E
So
we've
got
a
couple
of
options,
one
of
which
is
to
change
the
definition
of
the
counter
signature
algorithm
so
that
we
actually
always
include
some
cryptographic
content
that
is
in
into
that
into
that
counter.
Signature
processing
algorithm.
If
there
is
any
present
so
cozy's
signature,
would
still
basically
produce
a
parallel
signature
right
because
it
doesn't
have
any
cryptographic
content,
but
for
the
both
at
the
max
and
for
cozy
sign
zero.
E
E
So
if
we
change
the
counter
signature
algorithm,
we
basically
have
two
options:
option
number
one
is
to
include
every
bister
object,
which
is
in
the
structure
and
option.
Two
is
to
include
the
first
and
the
last
under
the
assumption
that
the
last
one
is
always
going
to
be
counter
is
always
going
to
be
cryptographic,
content
and
the
middle
one
would
be
probably
not
cryptographic
content
so
including
all
of
them
is
an
extremely
aggressive
thing.
E
If
we
define
additional,
cosy
structures
which
have
which
don't
put
the
cryptographic
content
last
or
have
multiple
cryptographic
contents
that
you
may
want
to
sign.
So,
for
example,
there
is
some
discussion-
and
I
haven't
still
have
not
figured
out
in
the
cfrg
working
group
exactly
what
their
the
the
the.
E
Thus,
the
reason
why
I
put
in
the
include
everything
the
other
the
other
problem
with
it
is,
you
may
end
up
with
things
which
are
not
interesting
but
are
still
wrapped
in
bisters,
and
since
they
are
not
interesting,
they
potentially
could
be
modified,
and
that
would
break
the
counter
signature.
C
Point
well
ben
jumped
straight
in
and
we'll
give
him
an
option
and
then
corn.
F
Okay,
sorry
to
jump
the
queue
this
has
been
k-duck
jim.
Could
you
perhaps
after
euron
asks
his
question?
Could
you
just
reiterate
what
the
drawbacks
are
would
be
for
including
all
of
the
beasters.
E
F
Okay,
you're
on
please
go
ahead:
okay,.
G
Thanks
your
answer
so
this,
so
you
there's
just
one
thing,
I
I
I
noted
in
the
in
your
mail
there.
You
don't
want
this
to
be
individual
per
struct.
You
want
to
have
the
same
structure
for
all,
because
because
you
want
to
be
able
to
pick
up
the
fields
and
verify
the
signature
before
or
what
what?
What
is
the
reason
for?
For
that.
E
And
just
because
you
have
a
single
thing
you
can
implement
and
two
means
that
you
don't
have
to
actually
deconstruct
and
figure
out
what
the
base
object
is
before
you
start
either
producing
or
verifying
the
counter
signature
so
that
it's
the
processing
is
exactly
the
same,
whether
it
is
an
encrypt
structure
or
a
recipient
structure,
and
potentially
the
only
way
you
can
tell
the
difference
between
those
is
to
pull
apart
the
protected
attributes
and
look
for
an
algorithm
identifier.
E
Yes,
that
would
also
be
an
option:
okay,
ben
the
drawback
is
not
in
any
of
the
structures
we
have
defined
today.
E
A
beaster
which
wraps
something
which
is
on
which
it
was
intended
to
be
unprotected,
as
opposed
to
as
opposed
to
protect
it.
There
are
a
couple
of
different
ways
that
that
could
be
addressed.
E
E
F
E
F
And
so
in
some
sense
that
becomes
a
question
of
fail,
safe
versus
fail
open,
although
I
guess
the
example
that
you've
just
presented
is
not
exactly
a
fail
safe
when
you
include
the
all
the
easter
option,
but
it
seems
like
anybody
who
is
defining
a
new
message.
Type
in
the
future
might
be
expected
to
read
some
spec
or
look
at
the
registry
or
something
or
have
a
designated
expert
review.
That
would
be
an
opportunity
to
point
out
that
if
you
do
want
your
attributes
to
be
unprotected,
you
should
do
the
tag
easter.
E
E
D
H
So
when
you
say
change,
does
that
mean
you
would
change
the
interpretation
of
existing
structures
or
does
it
mean
you
would
put
in
something
new
and
deprecate
the
old.
H
E
E
New
tags
in
in
the
in
the
table
would
have
to
be
defined
for
both
of
those
but
they're
just
but
they're
they're
unprotected
attributes
in
both
cases.
So
that's
a
simple
change
in
the
registration.
E
You
do
end
up
with
a
little
bit
of
potential
confusion
with
people
who
are
using
counter
signatures
today,
I'm
not
exactly
too
sure
what
we
do
with,
for
example,
the
oscore
document
in
core,
because
it
would
be
using
the
deprecated
counter.
Signature
algorithm.
E
C
This
chair
thinks
that
that
makes
sense.
I
one
question
going
into
this
myself.
This
is
matthew
miller
by
the
way
with
so.
To
reiterate
this,
this
problem
is,
is
really
with
the
sign.
The
sign
zero
because
of
the
lack
of
of
all
the
context
or
correct.
C
Okay,
I
think
it
makes
sense
for
for
us
to
have
free
hums,
which,
to
reiterate,
is
leave
things
alone,
and
by
leave
things
alone,
we
really
mean.
C
C
Work
on
excuse
me,
work
on
a
this
fix
or
deprecate
the
current
one
and
like
either
make
the
full
change
which
would
break
exist,
which
could
break
existing
implementations
or
have
this
parallel,
one
that
would
ultimately
deprecate
the
existing.
Is
that
all
correct
that
sounds
correct.
C
Okay,
okay,
so
let
us
start
then:
oh.
I
Yeah
thanks
is
the
microphone
working.
Yes,
yes,
it
is
great.
Thank
you
yeah.
I
may
be
talking
across
purposes
here,
looking
back
at
a
couple
of
ben's
comments,
but
some
of
this
some
of
the
difficulty
that
jim
was
describing
seemed
to
me
to
be
that
you
might,
you
might
try
to
counter
sign
stuff
that
had
not
previously
been
signed
and
that
therefore
signing
that
unsigned
data
might
result
in
a
in
leaving
data
that
could
be
changed
subsequently,
resulting
in
a
subsequent
invalid
signature.
I
Okay,
so
then,
when
ben
made
a
comment
at
one
point,
discarding
inauthentic
data
before
starting
to
pause.
It
is
a
common
mechanism
for
robust
implementation,
so
that
that
sounded
to
me
like
the
basis
for
a
possible
approach
here,
which
was
that
if
you,
if
you
have
a
string
of
data,
some
of
which
is
signed
and
some
of
which
is
not-
and
you
want
to
apply
a
counter
signature-
is
it
viable
to
say
you
should
discard
all
the
data
from
that
stream?
That
is
not
signed
and
only
countersign.
What
you're
left
with.
I
C
I
think
we
are
okay,
so
I'm
going
to
make
sure
that
everybody,
so
there
just
point
out.
There
is
a
note
that
they're
in
the
interface
there
is
an
extra
tab
on
that
right
on
that
left
side
for
the
home.
So
once
we
click
start,
you
will
have
35
seconds
to
enter
your
choice
of
either
low,
hum
or
soft
tum
or
loud
hum.
You
don't
want
to
hum,
don't
click
anything
and
you'll
be
fine.
H
Yep
the
problems
are
in
the
kodi
md
right,
because
the
homes
on
the
side
are
no
longer
the
right
ones.
Correct.
Thank
you.
Yes,
fat.
D
Okay,
so
if
you
want,
I
can
read
it
first,
this
leave
things
alone
and
you.
D
A
C
C
Hum2
will
be
to
fix
it
so
that
counter
sign
zero
works.
The
cozy
sign
zero
works
correctly.
This
which
could
break
existing
implementations.
C
C
If
you
think
that
we
should
leave
things
alone
and
document
that
counter
signatures,
don't
apply
correctly
to
sign
zero.
C
Okay,
this
came
in
pianissimo
pianissimo,
so
not
the
quietest,
not
complete,
silence,
okay,
so
the
next
one
is
fix
counter
signatures
so
that
sine
zero
works
correctly,
which
could
involve
breaking
changes.
C
A
C
This
will
get
interesting,
okay,
so
the
third
hum
fix
counter
signatures
by
defining
a
new
algorithm
that
takes
into
account
sign
zero
and
deprecating
the
old
algorithm.
C
C
C
All
right,
this
option
was
forte,
so
at
least
the
the
dentist
in
the
room
fairly
strong
to
deprecate
the
old
and
replace
with
a
new.
C
J
Anything
other
than
doing
it
in
this
document,
michael
richardson.
Here
I
think
a
different
document
won't
be
helpful
because
at
the
most
we
could
say
what
deprecate
the
old
thing
and
then
we
would
leave
them
without
a
new
thing
until
the
new
document.
So
I
don't
think
that's
useful.
J
I
think
we
have
to
clearly
clearly
loudly
announce
we're
doing
this.
Maybe
we
need
an
ietf
last
call
to
make
everyone
aware,
but
I
think
I
mean
at
least
ace
knows
at
this
point.
So
that's
good.
C
Well,
I
think,
regardless
this
document
needs
to
come
back
to
the
working
group
and
arguably,
probably
also
owls.
Actually,
I'm
almost
assuming
alex
will
have
to
come
back
also
because
it
will
require
changes.
C
F
F
K
Be
that
if
you're
making
a
breaking
change,
you
have
to
stay
at
proposed
standard
for
a
while
to
until
you
think
it's
mature
enough
that
that
piece
can
go
to
internet
standard.
H
So
the
reason
why
I
think
this
is
a
good
thing
to
do
is
that
it
sends
a
signal
in
the
document
that
there
is
something
different
that
people
should
be
using.
But
if
we
put
this
into
a
different
document,
people
will
just
read
the
base
specification
and
will
simply
not
notice
that
the
other
thing
is.
L
There
hi
this
is
russ.
I
think
that
if
we
put
this
new
feature
in
the
document,
which
I
do
believe
it
belongs
in
the
base
document,
not
a
separate
document
for
the
reasons
carson
just
said,
but
it
means
that
we
don't
have
the
implementation
experience
with
the
new
thing,
so
it
should
cycle
it
that
proposed.
K
J
Michael,
I
think
you're
saying
is
that
we
wouldn't
necessarily
need
a
new
document,
because
the
isd
could
act
in
a
few
months
or
12
months
or
some
something
based
on
the
implementation
experiences.
K
Correct
we
have,
we
now
have
a
thing
called
a
status
change
document
and
we
can
just
move
whatever
these
become.
Let's
say
it's
you
know,
89.99,
we
can
just
say:
89.99
is
now
internet
standard.
E
C
Okay,
so
we'll
we
can
confirm
this
on
the
list,
but
I
think
at
this
point
it's
pretty
clear.
We
need
to
find
something
new
and
it's
going
to
be
in
this
document.
C
Do
we
have
any
any
beginning
sense
of
what,
where
we
want
to
go
with
this
yet
or
is
that
like
what
how
like
details
in
this
or
do
we
need
to
set
up
a
an
interim
discussion.
C
Okay,
so
the
chairs
will
take
the
last
the
the
the
notes
from
these
hums.
Take
that
to
the
list
point
out,
the
the
the
strong,
the
consensus
of
the
meeting
being
to
deprecate
the
old
and
replace
with
a
new
and
then
we'll
solicit,
we'll
start
soliciting.
What
what
that
looks
like.
C
H
So
we
do
have
to
do
the
last
hum
if
you
want
to
decide
whether
two
elements
or
all
elements,
I
would
actually
add
to
this.
E
C
Okay,
so
so
assuming
since
we
are
looking
at
changing
things
or
and
hopefully
non-breaking,
let's
have
another
set
of
hunts,
so
the
first
time
will
be.
Are
we
going
to
be
aggressive
with
the
new
counter
signature
proposal,
which
is
sign
everything
that
looks
like
a
beaster.
C
If
you,
if
you
think
that
we
should
so
and
then
the
second
hum
will
be
be
more
constrained
on
what
we
on,
what
we
put
to
the
signature,
for
instance,
only
the
first
and
last
bistro
element,
although
this
could
change
as
we
we
work
through
the
process,
so
I
guess
yeah
so
hum.
If
we,
if
we
should
be
aggressive
on
what
is
what
is
signed
for
this
new
counter
signature.
Do
that.
C
H
This
interface
is
so
stupid
if
you
want
to
hum
loudly
at
the
moment
when
you
click
on
it,
it's
showing
the
number
of
seconds
remaining.
So
you
click
on
softkey
and
then
you
have
to
go
to
the
other
side
and
say
no.
I
changed
it
go
back.
Click
on
largely
just
entertaining
you,
while
you're
waiting.
We
are
waiting
for
the
run
to
complete.
C
Thank
you,
karsten.
Okay,
the
result
of
that
hum
was
piano,
which
is
the
middle,
so
this
will
be
very
interesting,
so
second
hum
hum,
if
we
should
be
more
constrained
on
what
is
signed
for
the
counter
signature.
C
C
Okay,
thank
you,
everybody.
I
think
we've
got
some
we'll
bring
these
to
the
list
we
are
running
way
over,
but
this
discussion
really
did
have
to
happen.
B
B
B
Sorry
next
slide,
please
so
a
very
quick
background
to
bring
everybody
everyone
up
to
speed
before
we
get
into
the
interesting
discussion
parts
just
stating
our
background
and
our
starting
points.
Basically-
and
this
is
to
actually
care
about
single
bytes
when
it
comes
to
transfer
of
certificates
back
and
forth,
between
constrained
iot
devices
and
as
a
starting
point,
we
have
been
looking
at
rfc
7925,
which
already
specifies
an
iot
profile
for
certificates
for
iot
deployments,
and
on
top
of
this
we
add
seabor
encoding.
B
B
B
That
is
not
to
say
that
we
should
disallow
everything
else,
but
the
the
main
focus
has
so
far
been
the
compactness,
but
there
is,
of
course,
open
for
discussion
for
some
of
these
trade-offs
and
that's
where
many
discussions
have
already
happened.
Next,
please.
B
Yeah
exactly
as
mentioned,
the
7925
is
the
starting
point,
and
this
mandates
that
all
involve
the
keys
are
elliptic
curve
type,
including
the
ca
certificates,
and
this
is
because
the
iot
devices
are
not
thought
to
be
able
to
handle
more
heavyweight
compression
algorithms,
and
there
is
also
restrictions
on
the
subject
type
and
which
certificate
extensions
that
can
be
used.
On
top
of
this,
we
have
done
some
further
profiling
to
chop
down
and
be
able
to
implicit
deduce
some
of
these
certificate
fields,
and
we
will
get
more
into
them
into
the
discussion
next,
please.
B
So,
as
I
mentioned
it's
been
around
and
now
we
have
merged
these
documents,
which
talk
about
the
format
itself
and
how
to
add,
ayana
registry
entries
to
use
this
in
both
a
quality
and
a
tls
context
and,
of
course,
clarifications
and
simplifications
on
some
of
the
details
of
the
encoding
that
were
not
yet
100
specified
and
some
of
them
are
still
open.
B
And
understandably,
the
the
overall
discussion
teams
is
on
the
kind
of
the
core
target.
How
eager
to
say
bytes
should
one
be
basically
how
many
certificates
do
we
exclude
by
our
assumption,
versus
how
much
complexity
in
the
encoding
that
we
want
to
add
to
accommodate
more
of
the
cases
and
we're
very
happy
for
the
discussion
that
has
been
happening
on
the
mailing
list,
with
many
constructive
suggestions
and
pointing
out
open
issues
from
a
number
of
participants.
B
B
For
instance,
it
cannot
currently
handle
the
repeated
attribute
types,
and
currently
we
cannot
distinguish
whether
the
the
original
type
was
printable
string
or
utf-8,
and
so
some
of
these
discussions
have
been
about
what
what
are
the
can
we
shortcut
and
make
a
functions
versus?
Do
we
need
to
encode
all
of
this
information
and
to
what
degree
of
complexity?
B
B
We
have
only
considered
algorithms
suited
for
iot
targets,
meaning
we
have
not
considered
our
rsa
type
of
cryptos,
even
though
this
has
sparked
some
discussion
on
the
mailing
list
for
sure
there
are
erisa
crypto
certificates
out
there.
But
our
starting
point
has
been
that
they
are
not
relevant
for
the
type
of
iot
scenarios
that
we
mainly
target,
meaning
that
we
don't
think
they
are
necessarily
in
this
context.
B
B
B
C
C
C
All
right,
thank
you
very
much,
joel,
we'll,
take
further
comments
on
the
list.
Sorry,
jim,
that
we
could
not
get
to
the
next
one,
but
I
think
you
may
have
a
lot
of
work
ahead
of
you
anyways
all
right
unless
there's
anything
super
pressing.
I
think
that
that
concludes
our
meeting
for
today.
Thank
you.
Everyone.
Thank
you
again
francesca
for
taking
minutes.
That's
tremendously
helpful
and
we'll
see
everybody
on
the
list.