►
From YouTube: COSE WG Interim Meeting, 2020-12-16
Description
COSE WG Interim Meeting, 2020-12-16
A
A
C
A
A
A
A
A
And
similarly,
as
for
the
counter
signature,
I
think
there
was
a
question
whether
we
want
to
be
able
to
directly
support
cyborg
certificates
in
x
or
what
is
exactly,
maybe
it's
in
the
document
for
cbor
certificates
and
that
we
are
going
to
add
this.
But
we
might
just
want
to
make
sure
the
text
in
the
x
509
draft
doesn't
doesn't
stop
us
from
doing
this.
E
A
A
F
F
I
I
don't
know
if
you
want
me
to
file
issues
or
just
emails
or
whatever
what
you
think
is
best,
but
those
are
those
are
two
and
then
maybe
there's
also
some
harmonization
with
on
the
x5u
parameter
in
terms
of
the
way
it's
treated
from
a
security
point
of
view.
I
haven't
looked
at
that
one
as
closely,
but
it
seems
like
they're.
They
are
also
different.
A
E
It
says
that
they
only
must
be
integrity
protected
if
the
information
conveyed
is
utilized
in
a
trust
decision
and
if
it's
not.
If
the
trust
decision
only
uses
the
key,
then
they
need
not
be,
and
so
I'm
not
sure
that's
entirely
clear
of
what
the
decision
should
be
made,
particularly
when,
when
you
take
the
example
of
of
cms,
where
certificates
are
not
protected
by
signatures
or
and
it
and
the
and
the
signatures
on
the
certificates
themselves
protect
additional
parameters.
I
don't
know
if
anyone
else
had
thoughts
about
that.
F
F
F
You
know
kind
of
brought
up
the
the
point
and
then
the
fact
that
jws
addresses
it.
That
was
kind
of
the
two
points
there
and
I
agree
that
they
should
not
always
they
don't
always
have
to
be
in
protective
headers
they,
but
sometimes
they
should
be,
and
my
understanding
is
the
the
the
basic
attack
here
is
that
a
a
ca
issues,
two
certificates
with
the
same
key
but
different
extensions
like
or
usage
things
like
usage
like
extended
keys
or
you
know,
path,
length
constraints.
F
F
F
He
never
followed
up
on
that
to
answer
that,
whether
he
thought
that
was
true
or
not,
so
I
don't
really
know
what
he's
thinking
and
then
and
then,
when
I
read
the
section
six
of
jws,
it
seems
to
line
up
with
that.
So
I
I
agree.
It's
kind
of
an
obscure
thing,
but
you
know
in
a
way,
but
I
think
the
the
lineup
with
jws
is
good.
A
B
A
B
B
I
I
know
that
michael
richardson
had
previously
said
that
he
found
the
examples
were
necessary
to
understand
exactly
how
to
implement.
So
it's
good
that
we
have
more.
I
notice
he's
not
here,
but
I
think
with
that
change.
The
documents
now
ready
for
last
call
within
the
working
group.
Hopefully
somebody
can
check
the
examples
as
part
of
that
last
call.
E
A
A
A
D
D
C
C
G
G
A
D
A
A
G
G
G
We
added
a
reference
to
ieee
dev
id
and
made
optimizations
for
dev
id,
and
it
was
a
comment.
It
was
not
really
un
clear
how
this
mapped
to
version
three,
so
we
have
added
version
three
in
a
lot
of
places
to
make
it
very
clear
that
this
is
for
version
three
and
version
three
is
encoded
in
the
seaboard
certificate
type
removed,
some
optimizations
that
was
not
necessary,
changed
serial
number
to
unwrapped,
simple,
big
num
change,
time
to
see
board
epoch
time
added
the
special
encoding
for
no
expiration
date,
which
is
basically
the
maximum
time
positive.
G
A
G
G
G
G
G
G
You
well
used
x,
509
profiles,
the
ca
browser
forum,
baseline
requirements,
that's
basically
used
by
all
browsers
and
therefore
all
certificates
on
the
web,
and
also
to
see
an
essay
x509
profile
which
has
been
published
as
an
rfc
recently
got
several
requests
to
add,
see
an
essay
cypher
suits
to
ad
hoc.
This
might
so.
This
might
be
useful
here.
G
G
Where
the
I
don't
know
the
quick
terms,
but
the
server
hello
can
basically
be
only
three
times
larger
than
the
client
hello.
What
the
client
sent
so
unless
you
can
fit
in
that
restrictions,
you
will
add
another
round
round
trip
this
I've
seen
being
discussed
by
cloudflare
in
a
blog
where
they
show
that
tls
certificate
compression
is
important
here
and
improves
performance.
I
think
seaboard
certificate
could
potentially
also
help
here,
but
we
would
need
concrete
data
on
that.
In
that
case,
then,
the
ad
we
would
like
to
add
an
example.
G
Encoding
of
the
dev
id
certificate
would
be
very
good
good
if
somebody
has
such
a
certificate,
so
we
can
make
it
more
relevant
instead
of
trying
to
create
one
just
from
the
devide
specification
that
could
lead
to,
it
would
be
a
probably
a
corrective
id,
but
maybe
not
how
they
are
used
in
practice,
and
I
don't
think
I
think
michael
richards
on
us.
Maybe
he
could
help.
I
don't
think
he's
on
this
call
today.
H
G
G
G
G
Yeah
sounds
great
no
hurry,
then
we
are
planning
to
the
draft
already
have
an
example:
https
rsa
certificate,
the
ones
from
toolstorebydev.org
we
plan
to
add
one
ecdsa
certificate
as
well,
and
then
coming
back
to
basically
what
michael
just
said,
we
would
like
to
have
more
more
realistic
data
on
what
compression
you
could
do
in
tls
and
as
we
have
found
all
our
understand
is
that
broccoli
is
what
is
used
in
practice.
So
we
are
planning
to
change
from
said
lib
to
broccoli.
G
G
G
So
that's
the
plan
for
zero.
Six
has
been
request
for
more
deployment
guidance
for
it.
What
you
just
choose
and
so
on
this
is
more
high
level
point.
It
should
probably
be
added
at
some
point,
but
I
don't
have
a
clear
view
of
exactly
how
this
deployment
guidance
should
look
like
could
also
be
in
other
drafts
than
this.
G
Then
we
tested
the
encoding
on
on
the
set
of
https
certificates
on
the
web,
and
we
found
out
that
there's
quite
a
lot
of
attributes
that
we
had
not
registered.
For
example,
street
address
postal
code,
business
category,
jurisdiction
of
incorporation,
country,
name,
etc.
There's
we
only
looked
after
a
quite
small
set
of
certificates
and
already
found
four,
then
street
address
and
postal
code
are
are
included
in
this
browser
forum
baseline
requirements,
so
we
made
registrations
for
them
for
all
other
attributes
we
made
so
that
you
can
use
the
oid
byte
string
encoding.
G
Then
last
slide
which
no,
it
was
not
the
last
night.
So
it
also
received
quite
a
lot
of
comments
about
the
the
iana
tables,
especially
the
algorithms,
that
it
was
a
bit
unclear
which
parameters
was
supported
and
not
and
also
expect
encoding,
and
that
the
identifiers
were
a
bit
unclear
as
we
completely
rebuilt
them.
We
removed
identifiers,
we
gave
them
more
descriptive
names,
and
then
we
skipped
the
old
format
and
now
there's
a
one
mapping
between
the
c
board
value
and
the
their
encoding
of
the
whole
algorithm
identifier.
G
G
It
allows
registration
of
algorithms
with
any
form
of
parameters,
and
we
now
added
a
we
all
previously
supported
rsa
with
null,
which
may
or
may
not
be
a
parameter
and
named
curved.
But
now
we
can
also
support
rsa
psf,
which
is
at
least
mentioned
in
both
the
browser
baseline
requirements
and
see
an
essay.
Even
if
I
haven't
seen
any
use
on
the
web.
G
H
I
So,
basically,
when
we
did
people,
we,
we
focused
on
having
a
single
data
item
and-
and
so
all
the
the
initial
cbo
apis
focused
on
that.
But
then
we
found
out
about
the
streaming
and
and
zebra
sequences,
and
all
that
and
and
most
or
many
zip
implementations
I
haven't
done.
The
scientific
study
of
that
actually
grew.
I
Some
some
apis
to
to
actually
work
with
sequences
and
working
with
with
sequences
doesn't
just
mean
that
you
have
sequences
of
encoded
data
items,
but
it
also
means
that
you
can
have
a
situation
where
you
have
one
or
even
maybe
more.
In
this
case
it
would
be
10,
encoded
c
bar
data
items
and
then
something
else
following,
and
this
would
work
with
a
specific
situation
we
have
here.
So
I
gave
some
examples
for
for
decoder,
apis
of
decoders
that
I
have
written.
I
But
of
course
I
I
couldn't
do
this
work
for
all
65
implementations
that
are
on
cbo
that
I
o.
So
we
probably
need
to
do
a
little
bit
more
surveying
there.
But
right
now,
I'm
I'm
pretty
optimistic
that
we
wouldn't
create
ourselves
a
big
deployment
problem.
By
going
with
the
the
way
things
are
done
in
the
show
five.
F
I
Trade-Off-
and
there
is
no
correct
answer
here-
so
we
essentially
just
have
to
see-
is
the
deployment
headache
that
lawrence
has
identified
as
not
entirely
trivial.
Is
that
worth
saving
two
or
three
bytes?
And
then
that's
really
a
decision
that
I
don't
have
a
strong
position
on.
All
I
wanted
to
say
is
the
the
headache.
Is
there,
but
it's
probably
not
a
splitting
headache.
E
G
G
F
So
one
other
comment
on
my
own
seaboard
decoder
has
a
couple
of
extra
features
that
help
it
deal
with
by
string
wrapping,
particularly
for
cos
a
so
I
I
it's
one
of
the
reasons
I
like.
That
is
that
you
know
we
already
have
this
convention
of
doing
it
for
cos
a
and,
and
maybe
some
decoders
have
a
way
of
dealing
with
cose
in
inefficient.