►
From YouTube: IETF110-COSE-20210312-1430
Description
COSE meeting session at IETF110
2021/03/12 1430
https://datatracker.ietf.org/meeting/110/proceedings/
B
C
B
B
B
B
B
B
B
A
A
Many
of
you
probably
know
me
because
I
was
one
of
the
primary
editors
of
the
jose
specs
in
jason,
as
well
as
working
in
oauth
and
open
id
connect.
I've
produced
something
like
two
dozen
rfcs
with
many
of
you,
but
this
is
the
first
time
I've
been
an
ietf
chair,
so
I'm
looking
forward
to
both
helping
with
progress
and
learning
some
things
along
the
way
so
look
forward
to
working
with
you.
Thank
you
very
much.
D
B
B
B
F
B
C
B
Okay,
so
it
sounds
like
we
want
to
have
at
least
two
three
interim
so
once
per
month,
more
or
less
one
option
is
to
schedule
them
like
every
two
weeks
and
then
just
cancel
some
of
them.
If
we
see
that
we
don't
have
enough
progress
or
something
like
that,
maybe
we
can
discuss
it
also
in
the
mailing
list
in
the
interest
of
them.
D
E
E
E
E
E
E
And
then,
if
you
do
end
the
entity
protection
of
the
certificate,
I
think
then
you
end
up
with
that.
You
don't
need
any
requirements
for
protection
of
the
uri
and
then
I
added
security
considerations
based
on
integrity,
protection,
which
is
quite
separate
but
discussed
in
the
same
thing
and
then
why
integrity
protection
of
the
entity
certificate
needs
is
needed
for
proof
of
possession.
That
would
then
be
need
to
be
updated.
Based
on
warrants
comments.
E
B
E
E
E
E
C
Where
there's,
basically
I
mean
it,
doesn't
have
to
be
used
within
within
the
protocol,
so
that
that
would
be
a
reason
why
you
would
actually
give
the
example
with
external
aad
as
a
clarification.
I
think
that
aligns
a
little
bit
with
harnesses
is
missing
explanations
here,
so
I
think
that
should
be
kept
in
the
in
the
slide.
Five.
E
E
So
here
is
x5t.
I
added
text
to
clarify
this
is
an
end
entity
certificate.
It
was
a
comment
on
about
that
on
the
list
or
in
the
issue
tracker
and
then
similar
text,
but
not
exactly
the
same
as
for
bag
and
chain,
and
proof
of
I
think
here
it
seems
like
we
are
leaning
towards.
Having
must
integrity
predict
yeah,
and
then
we
have
sunny
and
protected
head
there
or
included
in
the
external
aad
and
then
a
backward
reference
to
bag
and
chain
click.
Next.
E
E
E
E
In
fact,
I
think
if
we
go
for,
must
we
don't
need
this
uri
protection
at
all,
maybe
except
if
you
want
to
transfer
new
trust
anchors,
but
here
in
this
text
it's
now
divided
into
two
sections
one.
If,
if
it
is
integrity
protected,
then
the
uri
does
not
need
any
protection,
and
if
it's
not
integrity
protected,
then
you
need
the
same
protection
as
you
had
in
the
old
version
where
you
need,
for
example,
https
on
the.
E
F
F
C
And
then
I
I
responded
to
that
and
said
that
for
the
in
in
order
to
illustrate
how
the
external
aed
is
used,
that
that
that
would
be
one
reason
to
keep
it.
But
otherwise
we
could
rewrite
that
part
as
well.
But
that
would
mean
we
need
to
change
the
part
which
is
specifically
mentioning
how
external
aed
is
used.
F
G
G
C
E
F
G
E
E
E
E
So,
yes,
the
overview
for
people
that
has
not
been
on
the
interim,
this
has
expanded.
It
was
initially
a
short
small
profile
of
7925.
Then
the
comments
have
been
that
we
have
shifted
to
cover
quite
much
of
5280
and
do
very
little
profiling.
So
this
is
an
an
encoding
of
528,
zero
or
large
part
or
it
the
things
that
make
sense
for
iot
cover
7925
the
new
tls1.3
iot
profile,
they're
very
similar,
but
might
be
some
changes.
I
triple
e.
E
G
E
G
Because,
like
then,
the
draft
name
was
compressed
compressed
x549
certificates
right
and
that's
how
you
initially
sort
of
advertised
it
in
it.
The
feature
it
offers
is,
obviously
you
can
use
an
existing
x549
certificate
and,
as
the
name
says
it
like
does
the
compression
on
the
wire,
the
downside.
That's
has
its
beauty
and
but
then
the
downside
is
obviously
you
need
to
now.
G
E
E
E
My
plan
is
to
go
to
t
after
this
is
working
group
adopted
yeah
or
if
it
is,
which
I
hope
it
will
be
and
look
like
it
is.
Then
I
will
go
to
tls
working
group
again
and
ask
what
the
tls
working
group
thinks
about
this
and
if
they
they,
if
they
want
this,
and
if
they
think
it's
the
right
choice
and
if
they
think
this
should
be
done,
in
course,
or
if
we
should
write
the
tls
document
doing
that
registration.
G
G
E
Yeah,
I
think
it
was
has
been
discussion
in
cosi,
whether
that
would
be
standardized
or
not,
and
now
we
have
ended
up
that
because
it
should
standardize
natively
sign.
There
has
been
where
I
think
most
of
the
interests
have
been
related
in
comparison
to
cvt.
I
would
say
that
cvt
might
be
more
flexible
and
new
and
that
this
c509
certificates
are
with
like
profiling
and
content
is
just
a
different
encoding
of
x
509.
E
No,
we
have
only
implemented
compression
and
working
on
that,
and
that
is
soon
done.
My
plan
is
still
to
release
the
the
compression
as
open
source,
maybe
till
summer,
okay
cool.
I
am
not
I
some
point
in
time.
I
hope
to
implement
the
inverse
also,
but
that
has
not
been
done
and
will
not
be
done
for
a
while.
C
E
E
Some
moving
information
in
the
draft
you're
under
this
change,
but
it's
naturally,
science
certificates
is
definitely
there.
So
there's
some
restructuring
of
sections
name
change
with
carson,
michael
ponto.
You
should
not
call
this
seaboard
certificate,
so
the
new
is
c509
certificates
which
is
combination
of
cbor
and
x509.
E
Then
there
is
quite
some
changes
to
the
header
parameters,
bag
chain
tag
and
uri
based
on
the
x509
discussion.
These
are,
I
think
these
need
further
updates.
I
stopped
updating
after
and
planned
to
wait
until
the
x
509
discussion
is
finalized,
that's
more
urgent
and
should
be
the
basis
for
the
seaboard
certificates.
E
Based
on
the
discussion.
We
there
was
a
request
to
add
a
tag,
and
if
you
want
and
based
on
that,
I
created
we
created
a
new
structure
called
cc5,
which
is
an
array
containing
one
or
more
seaboard
certificates
and
the
same
board,
certificates
or
sequences.
You
can
just
add
them
after
each
other
inside
an
array,
and
then
there
is
a
tag
I
think
we
have
and
then
from
zero,
eight
zero,
seven
to
eight.
E
E
E
So
first
this
says
new
issue.
Here
I
think
nobody
has.
I
don't
think
we
have
done
an
issue
on
github
yet,
but
this
was
after
reading.
The
tls
iot
profile
in
utah
and
the
discussion
in
sec
dispatch
seems
to
be
a
lot
of
discussion
of
moving
more
information
to
to
subject
alt
name.
I
think
the
tls
profile
changes
what
is
going
into
subject
adult
name
compared
to
the
tls
1.2
version.
So
the
question
is
more.
I
think
we
support
everything.
G
Yeah
I
rich
had
in
his
document
he
talks
about
the
server
side,
server,
authentication
and
for
the
web,
and
the
reference
utah
document
talks
about
client
authentication
for
iot
devices.
So
the
question
to
me
is
whether
the
use
of
sans
on
on
the
web
for
servers
should
also
imply
that
we
should
use
the
same
for
iot
environments
for
client
sides
or
whether
his
proposal
actually
also
applies
to
client
certificates
in
sort
of,
let's
say
app.
B
E
E
C
C
H
C
C
I'll
I'll
try
to
just
talk
see
if
it
works
anyway.
So
what
I'm?
What
I'm
aiming
at
here
is
that
the
it's
really
distracting
what
this
cozy
currently
doesn't
define
just
encryption
without
mac
and
and
there
are
authenticated
encryption
and
authenticate
encryption
with
additional
data,
and
that's
also
explained
or
clarified
in
the
content.
Encryption
algorithm
section,
which
is
giving
the
the
restriction
to
only
use
authentication
authenticated
encryption
with
additional
data.
C
Please
so
there
is
first
of
all
this
request
from
from
fido
alliance,
registering
just
encryption:
algorithms,
there
is
cipher
block
chaining
and
as
encounter
mode,
and
it's
not
really
clear
from
the
specification,
because
it's
it's
mentioning
both
encrypt
and
mac
and
mac,
then
encrypt.
So
it's
not
really
clear
exactly
what
they
intend
to
use
it
with,
but
one
instance
which
is
presented
is
cosencrypt:
zero,
wrapped
in
a
cosi,
max
zero.
C
C
So
we
are
familiar
to
this
situation
and
this
might
be
the
the
same
type
of
request
might
be
going
back
from
from
itf
to
to
actually
make
a
registration
to
explain
how
they
are
going
to
securely
use
encrypt
with
with
cosy
mac,
and
then
I
just
want
to
point
out
that
this
is
not
the
only
next
slide.
Please.
No,
it's
not
the
only
use
of
encryption,
only
so
encryption
without
mac.
There
are
two
other
examples,
so,
for
example,
in
in
ad
hoc
in
message
two,
it's
only
by
the
security
proof.
C
It's
only
required
to
do
encryption
without
integrity
and
in
this
case
it's
using
stream
cipher,
but
it
could
just
as
well
have
been
using
cosy
with
an
encryption
without
mac,
but
that's
not
specified.
So
we
can't
use
that
for
freedom
so
that
that-
and
that
might
be
others
sit
in
the
same
situation
where
they
would
like
to
use
cosy
with
an
encrypt,
but
it's
not
specified,
and
the
third
example
is
groupos
core,
where
we
currently,
which
is,
which
is
about
group
communication,
and
there
is
a
signature
for
source
authentication.
C
C
So
that's
basically
what
I
wanted
to
say.
We
can
go
back
to
the
previous
slide
and
discuss
the
specific
request
from
fido,
but
I
think
that
the
general
question
to
the
working
group
is
are:
are
we
fine
with
actually
registering
encryption
algorithms
without
without
mac
in
if
they,
if
that's
also?
There
is
also
a
supplementary
specification
explaining
how
how
this
is
used
securely
with
security
considerations.
B
D
D
The
question
that
I
have
is
more
of
whether
we
want
to
change
the
structure
of
the
registry,
to
have
it
more
prominent
that
there
is
a
warning
label
that
applies
to
this
mechanism
or
if
we
think
that
the
existing
required
be
in
their
specification
or
if
we
have
a
description
that
could
say
something.
If
that's
enough.
C
A
So
this
is
mike
speaking
just
as
an
individual.
I
will
note
that
the
jose
registry
has
some
things
registered
as
being
prohibited
and
we
could
add
to
the
kosei
algorithms
registry
that
categorization
as
well
so,
for
instance,
sha1,
is
registered
as
an
algorithm.
Its
use
is
prohibited,
but
there
were
legacy
reasons
to
be
able
to
reference
that
as
an
algorithm.
I
believe
that
came
from
w3c
web
crypto,
so
I'm
perfectly
good.
Adding
code
points
I
will
say
that
recommended
versus
not
recommended
is
not
strong
enough.
We
already
also
have
deprecated.
A
C
C
C
I
C
So
there
is
no
slight
exactly
thank
you,
okay,
so
just
quickly,
thank
you
very
much
for
for
giving
the
opportunity
to
bring
this
up
in
the
last
minute.
So
it's
it
has
been
requested
from
from
several
several
parties
that
we
need
to
define
raw
public
key,
a
cozy
header
map
for
raw
public
key.
It
is,
for
example,
it's
a
it's
a
requirement
by
the
lake
working
group
and
it
might
be
used
in
other
in
other
settings
as
well.
C
C
C
So
I
I'm
reading
the
jabber
here
and
saying
that
what
what
you
provide
the
question
is,
does
you
we
need
to
have
this
still
have
the
header
map
like?
If
you
look
at
the
x519,
for
example,
we
have
a
cosy
header
map
to
to
to
to
to
index
whether
this
is
an
x5t
or
an
x5
chain,
and
the
similar
similar
type
is
what
I'm
requesting
the
type
which
is
indicating
that
this
is
a
particular.
C
C
C
C
B
I
D
I
Yeah,
so
this
is,
this
is
more
a
general
question.
I
I
want
to
separate
it
from
you
know.
Particular
things
about
six
one
character
strings.
In
that
specification.
I
was
just
learning.
How
can
we
make
the
process
more
conducive
to
get
into
the
results
instead
of
making
it
an
endless,
dragging
mind
numbing
exercise.
C
I
C
I
I
D
Based
on
specifics,
political
and
blockage,
there
have
been
several
classes
of
potential
technical
issues
that
were
raised
and
we
only
had
actual
back
and
forth
discussions
about
some
of
them.
There
are
there's
at
least
one
where
I
think
you
were
the
last
one
to
respond,
and
there
was
not
a
follow-up,
but
I
think
there
were
some
where
there
were
issues
raised
and
you
did
not
follow
up.
So
I
think
there's
work
to
be
done
on
many
fronts
here.
D
D
We
are
quite
far
over
time
and
I
do
want
to
make
sure
now
that
matt
has
actually
joined
the
session.
But
I
get
a
chance
to
thank
matt
as
the
outgoing
chair
for
service
matt.
You've
been
really
great
for
this
working
group
and
we
appreciate
all
you've
done.
So.
Thank
you
again
and
best
of
luck.
As
you
move
on
to
newer
and
greater
things.