From YouTube: COSE WG Interim Meeting, 2021-04-14
A
This is an official IETF meeting and as such the Note Well applies. I believe everyone here is familiar with it, but if you have any questions, please do not hesitate to ask me or Mike Jones about it.
A
This is the agenda for today. I think there might be some slight changes from discussions with the authors of different items. I don't know, yeah, and are you going to need to discuss anything about registration policies now?
B
I don't know. I don't have any more input besides what we discussed. Okay, at the IETF 110.
B
So we responded to that based on the discussion at the last working group meeting and I have not- I mean, I'm not seeing any confirmation on that. So I assume it's reached the requesting party.
A
So here are the minutes. The meeting and the minutes are recorded. Please put your name in the minutes in order for us to be able to track the attendance. I've also shared this link in the chat.
A
Otherwise, maybe my address can do that and of course everyone could help, and that would be greatly appreciated.
A
Okay, now you should have it, so their chartering is completed. Thank you, everyone, for your participation.
E
I finished the shepherd report. I posted those questions to the mailing list about updates, about what it should formally update, and we had the conversation and I guess I was expecting Russell Housley would add to the updates list, but regardless, I think there's con-, I think there's mostly consensus that it should update both the new document, the 50 81 52 bit struct, and 80 RFC 8152.
A
It appears that there are still one or two items that have not been answered to. I believe Ben Kaduk had commented on a march request from John, otherwise they looked good to me and I didn't see any other objections, so please take a look at them and otherwise.
C
No, I, after the last meeting I tried to update my pull request, based on all the discussion and agreement during the meeting. Then I saw after I did that there was some comment from Laurence and Michael Richardson. But after that I went on vacation for a couple of weeks. I have not really been following the discussion, but I saw that Ben also got involved, but.
A
I did not check that. I know it covers some of the issues, but yes, that is a good point. I'm not sure if that covers all of them.
A
So we are suggesting, if that is going to work for everyone, to move our interims by half an hour so that we can avoid that overlap, and does that work for everyone? Or should I phrase it?
A
So that's part of our presentation that was started at the last IETF. I don't remember exactly where you stopped, John.
C
So this is a continuous listing of the issues. I don't think we have it. So this is the continued discussion on whether the CBOR certificate should be a simple sequence or a data item, and I don't think there has been very much more input. When we discussed this last, Carsten commented that it was better to fix the tools than to fix the- change the draft, and there's been some comments from Laurence that he thought the sequences were problematic with some tools.
C
One thing where we need to make certificates, or chains of certificates, a CBOR item is when we're using them in a tag, so that is already done. Then it's put into an array and the array is tagged.
C
We have not had time to specify any CSR format. There is another draft that specifies a CSR format that, I think the previous discussion showed, that format was not general enough and does not align with the CBOR certificate draft or C509 certificate draft or whatever we will end up calling it.
C
There was a suggestion to use a file format for saving this. I noticed that Michael Richardson has written such a draft.
E
So I think that, so we wound up with two versions of it. One is that we prepend a CBOR sequence- that's basically probably 12 bytes, unless you do it wrong, and that has the advantage that you can trivially remove those 12 bytes. You don't have to transmit them over the wire in your protocol, so they don't have any overhead impact.
E
The other way is that you put a tag on that, or two tags if you prefer, and then you have the decision as to whether you are smart enough to remove that tag before you send it or whether you wind up using up bytes for the tag that you probably don't need, because it's probably in a, I don't know, a COSE header or something that's already told you what it is.
E
So I reckon that's why I preferred the CBOR sequence mechanism, because it means that when you put it on disk, it very clearly says what it is. I think that yes, we want a different tag for CSRs, and we probably, if we have a private key format, which I think we might want to have, that we should tag that as well.
C
Yeah, so concurring with Mike means we use the draft, draft IETF CBOR file magic, and the CBOR sequence option, and then we define different tags for maybe a chain, for a CSR and for a private key or something.
C
Then, so issue 84: should a tag be defined? This was raised by Laurence, and this has been added already to a recent version of the draft, or recent, submitted several months ago, and the tag is for a chain, so the draft now defines a specific tag. That is a C509 chain, and the structure of this is COSE_C509, and this is the same structure that is suggested to be used for the c5bag and c5chain, and also for the c5u, which is the URI header parameter in COSE, and the structure here is just a concatenation of the sequences of the individual certificates, and then all of that is wrapped in an array, and then that array is wrapped in a tag that identifies a C509 chain.
G
I mean, people can count to 11, but that sounds a bit brutal if we ever change the number of pieces that make up a CBOR certificate.
C
Yes, yeah, to do that, I'm fine with that! Typically I just, if I don't have any comments, I just go for the option with the least overhead and then we can change it later. That's fine! We do that, and any other comments on this? Otherwise can move on to slide.
C
The, so slide 16. This issue is about CRL, and we have not made- nobody has made any concrete suggestion for a more general CBOR CRL format aligning with the C509 draft, but it is. We will definitely do that at some point in time. I think there was agreement in the group that a CRL general serial format aligning with this route would be very useful.
B
John, I think CSR is high on the priority as well.
C
I thought this was about CSR, yeah, I'm sorry! So.
E
CSRs are interesting and there's some discussion this week from Elliott about some desire to change the CSR attributes requests, and that's actually a place where what we have in the ASN.1 is disastrously bad even for ASN.1 space where we made. This is a place where moving to a CBOR certificate kind of space may make more sense to just, we're no longer compressing is what I'm saying, but doing something new, because it looks pretty green field-ish to me.
E
Yeah, I'll find the link, the ML archive, just a moment. You know what, it's maybe a private conversation that's been told to go to LAMPS, so maybe I can't point to it, so I will point the COSE working group at it as soon as it becomes public.
C
I don't know if this has been discussed on the list recently or not, but did the working group have any comments on this? Is this something that we should support? That would be, right now we have type zero and one, which one of them is signed over DER and the other is signed over CBOR. This would be then another type which is signed over, provide signature over.
F
Not in this case, I'm explicitly talking about disconnected. When you can reach back to a server, then it doesn't matter, you can reach back to CRL server and you can reach back to OCSP server, in which case OCSP is preferred.
F
But if you are disconnected, then, since you cannot know for sure in advance what certificates would be presented to you during your separation from the main network, you cannot pre-request and pre-load OCSP responses.
C
Yes, one point could be that CSR is needed to deploy this at all, or at least that was, I think, the comment from Laurence, while maybe some deployments don't use revocation, even if they maybe should, so you could deploy C509 certificates without revocation or use some proprietary revocation mechanisms, which is quite common. For example, I think most browsers use some partly proprietary revocation mechanisms.
C
Recommend proprietary mechanism- I think the important, I think all of these, it would be good if CBOR encoding for all of this would be done. I think the important thing is to decide what is most urgent. What should we spend our time on the next year to try to specify, and what can wait another year?