►
From YouTube: COSE WG Interim Meeting, 2021-05-12
Description
COSE WG Interim Meeting, 2021-05-12
A
A
A
B
Well,
what
happened
is
pretty
interesting.
The
rfc
editor
has
a
number
of
states
in
which
documents
can
be
and
they
have
a
state
progression
mechanism,
and
in
this
case
they
managed
to
get
these
three
drafts
wedged
against
each
other
in
such
a
way
that
only
manually
pressing,
a
button
for
a
state
progression
could
unwedge
them.
B
So
sometimes
you
have
to
to
look
at
documents
that
are
in
the
rfc
editor
queue
and
see
whether
they
they
got
wedged
in
in
any
particular
way
and
and
alarm
the
rfc
editor,
and
they
are
getting
better
in
this,
but
some
of
the
process
steps
are
still
manual
and
they
can
really
get
stuck
indefinitely.
So
if
you
don't
pay
attention,
it
may
take
a
long
time
before
it
finally
advances
again,
but
we
are
beyond
that
now.
A
A
C
Yeah,
yes,
I
covered
some
on
the
pr
35
today.
I
comment
on.
I
think,
ben's
comment
on
that
po
were
mostly
misunderstandings
from
ben's
sides.
I
don't
really
think
there's
any
need
for
changes,
then
there's
a
discussion
with
michael
richardson
and
lawrence
glenblade
regarding
must
or
should
then
what
what
kusi
should
protect.
You
from,
I
think,
that's
more
trickier
issue
to
to
resolve
with
more
opinions,
how
much
cost
you
should
protect
you
from
and
what
you
can
assume
from
the
ca
and
so
on.
A
A
A
C
C
Then
there's
some
changes
and
I
think
that
one
change
that
we
made
was
the
realization
that
the
the
draft
did
not
refer
to
deterministic
seabor,
meaning
that
you
could
actually
encode
the
integers
in
a
lot
of
different
ways.
So
an
update
that
is
also
in
the
last
submitter
version
is
that
there
is
a
new
text
stating
that
whenever
zebra
is
used,
it's
always
deterministic
seabor,
referring
to
the
seaboard
or
the
the
relevant
section
of
the
seaboard
rfc.
C
C
C
B
Well,
the
the
obvious
use
case
is
that
you,
you
doing
some
process
with
both
non-constrained
and
constrained
environments
and
the
non-constrained
environment,
some
hsms
that
only
can
verify
x509
signatures
and
the
constrained
devices
actually
want
to
stay
on
the
silver
side
of
things.
So
having
both
signatures
in
there
may
be
a
good
way
to
to
cover
this
continuum,
and
I
would
prefer,
if
we
made
this
as
painless
as
possible,
to
do
so.
B
E
C
D
E
C
F
F
Well
arguable.
Are
you
talking
rsa?
Are
you
talking
elliptic
curve?
Are
you
talking
elliptic
curve
over
p256
or
are
you
talking
errors,
say
1496
or
bigger
anyways
you,
you
need
certificates
for
different
processes,
get
two
certificates
and
this
would
alleviate
the
risk
that
on
a
double
signed
certificate,
for
example,
the
classic
part
is
forged,
and
now
you
have
a
cert
with
one
signature,
fine,
another
signature
not,
and
if
you
can
process
only
one
of
the
two,
how
are
you
going
to
tell
the
difference
be
between
fake
and
honest?
F
D
So
yeah
I
mean
the
chart,
I
think
the
charter
it
talks
about
exploring,
but
it's
also
clear
what
I
think,
what
what
what
is
going
to
be
what
should
be
explored.
If
anything
and
that's
that
you
have
this
sort
of
the
same
setup,
same
keys
same
same
parameters,
but
you
include
both
the
signature
over
the
c
board
and
the
signature
over
the
daring
coding
that
that
that's
what
the
charter
speaks
about,
and
I
think
there
are
many
interesting
exp
ways
to
expand
this.
D
F
D
Yes,
that's
exactly
how
it's
in
that's
type
type,
one
that's
sort
of
re-encoding
in
there
so
and
I
think
your
idea
would
having
an
an
option
to
strip
off
the
constraints
the
that
they're
encoding,
that
that
that
makes
sense.
I
think,
but
perhaps
we
should
wait
for
ben
to
see
more
more
in
detail
what
he
is.
C
Yeah
my
question
on
this
slide
was
my
understanding
is
that
it
would
be
a
seabor
certificate
with
seabor
encoding.
Only
and
what
would
be
added
is
the
original
signature,
so
it
will
be,
would
be
64,
bytes,
larger,
and
my
understanding
would
be
that
the
this
would
be
an
optional
expansion
of
the
current
draft,
so
nothing
that
you
do
on
by
default,
but
I'm
I'm
not
sure
it's
worth
doing
but
kirsten
seems
to
think
it
had
use
cases.
C
A
Yes,
so
maybe
we
can
try
to
have
this
discussion
also
on
the
mailing
list.
But
yes,
what
I
hear
is
that,
while
writing
this,
there
were
some
considerations
that
we
might
need
to
support,
at
least
that
first,
both
in
standing,
the
their
equivalent
of
the
civil
war,
encoded
certificate
or
the
civil
certificate
itself,
and
I
think
part
of
the
reason
was
also
to
have
simpler
parsing
on
the
device,
not
only
the
size
of
the
of
the
messages,
but
that
will
be
maybe
cleared
out
during
the
discussion.
C
C
Let's
continue
now
when
the
document
is
adopted
and
the
document
is
currently
registering
a
new
tls
certificate
type,
so
I
have
requested
time
from
the
tls
tiers
at
it
f111
to
shortly
describe
this
to
the
for
the
tls
working
group.
Let's
see
if
we
get
that
acceptable,
I
think
it's
essential
to
collaborate
and
coordinate
with
the
tls
working
group
before
cosi
registers,
tls
parameters-
maybe
the
tls
working
group,
I've.
What
I
heard
from
tls
people
seems
that
they
seem
interested
in
this.
So
I
assume
that
will
be
the
case.
C
C
And
that
is
basically
the
current
updates.
Then
the
next
slides
are
about
sending
rpk
by
value.
This
was
brought
up
in
the
lake
working
group
like
working
group.
As
you
probably
know,
it's
designing.
The
ad
hoc
key
exchange
protocol
and
ad
hoc
is
very
heavily
relying
on
cosi,
for
basically
everything
both
crypto
and
to
identifying
certificates
and
so
on,
and
one
of
the
things
in
the
lake
requirement
document
is
to
include
them
that
the
initial
focus
should
be
on
rpk
by
value.
C
This
was
recently
brought
up
again
by
christian
amsas
on
in
the
lake
working
group
in
the
re-meeting.
That
needs
needs
to
be
done,
and
there
has
also
been
several
industrial
partners
that
we
know
of
that
thinks.
This
is
an
important
use
case,
so
educ
currently
relies
on
cosi
to
transport
and
identify
credentials,
use
all
the
cosy
header
parameters.
C
C
C
B
C
C
C
Let
me
continue
with
this
slide.
We
can
discuss
so
what
jiren
and
I
discussed
for
for
ad
hoc
was
so
far.
We
are
looked
at
cozy
key
or
stripped
down
c509.
That
could
be
differently
stripped
down
positive
things
with
koseki
is
that
it's
available
in
cosy
implementations?
If
you
have
cozy
you
have
that
it's
not
designed
for
transport
on
the
buyer,
but
it
could
of
course,
be
fixed.
C
There's
currently,
a
new
header
parameter
to
send
to
use
it
by
value.
You
can
refer
to
it
by
a
kid,
but
that
necessary.
Then
you
need
to
have
it
in
your
on
your
side
beforehand.
Kozuki
only
supports
a
limited
amount
of
key
ops.
There
have
been
it
does
not
support.
I
think
the
key
usage
for
the
hellmann
key
derivation
and
also
has
been
discussion
that
ad
hoc
would
maybe
need
some
dedicated
key
usages
or
key
ops.
C
C
If
you
want
to
align
with
the
sigma
protocol
specification,
then
you
need
to
have
a
subject
name.
That's
my
understanding
is
that
that
stated,
as
a
must
in
like
that's
something
that
the
sigma
protocol
have.
So
if
you
start
to
remove
that,
then
you
can
be
questionable.
If
you
are
sigma
or
not,
and
then
validity
and
key
usage
seems
to
be,
could
be
useful,
also
for
a
raw
public
key
or
a
public
key.
C
C
C
And
here
is
an
example
of
how
slightly
slimmed
down
version
c509,
the
in
the
cdl
here
the
issuer
and
the
issuer,
signature
algorithm
and
the
issue
signature
is
removed
and
you
have
something
looking
like
on
the
right
here.
This
is
the
example
signature
examples
that
you
get
with
these
fields
removed.
C
C
C
D
C
C
A
It
sounds
to
me
as
well
that
that
could
belong
to
the
cozy
working
group.
Of
course
we
need
to
discuss
that
also
with
ben,
and
I
don't
know
if
mike
has
any
other
opinion,
but
at
first
glance
that
that
sounds,
it
could
be
long
here.
The
other
point
is,
of
course,
having
the
consensus
that
this
is
something
we
want
to
be
working
on.
A
G
C
C
D
I
think
they're
basically
several
ways
of
doing
this,
but
I
mean
it's
probably
easy
to
argue
that
for
certain
use
cases
we
need
to
transport
the
raw
public
key
like
like
the
example
john
gave
here.
But
what
is
more
difficult
is
to
say
what
exactly
which
option
should
we
go
for
because
there
are
more
than
one
and
yeah,
and
then
there
is
this
slide
with
the
different
pros
and
cons
where
we
can
argue
add
arguments
to.
D
G
E
A
G
G
G
H
H
And
the
problem
is,
I
would
say,
two
number
one
is:
is
there
anyone
that
can
kind
of
take
over
from
him
and
maintain
this
code
and
accept
incoming
pull
requests?
Now,
I
I
reached
out
to
ivaido
and
he
could
accept
one
pull
request.
I
created
there,
which
was
very
nice,
but
I
guess
there
is
a
need
for
a
more
long-term
solution,
so
the
code
maintenance
is
one
question.
H
The
second
question
is
that
this
course
yoga
library,
it's
also
released
on
maven
as
a
maven
project
and
that's
typically
how
we
use
it
as
a
third
party
library
through
maven.
So
there
is
also
a
need
for
someone
to
regularly
release
new
versions
of
the
cosio
library
onto
maven,
because
now,
even
though
I
managed
to
get
my
pull
request
accepted
to
the
to
the
java
code,
if
that's
not
released,
if
the
latest
version
is
not
released
as
a
maven
project,
we
can't
really
link
and
use
that
as
a
third-party
library
in
ace,
for
instance.
H
How
can
this
is
also,
I
see
like
we're
using
it
for
some
projects
and
all
if
I
look
at
maybe
there
are
other
projects
using
this
code,
so
it
would
be
a
shame
if
it
kind
of
went
away
or
if
no
one
took
it
upon
them
to
continue
developing
this
code,
since
it's
used
here
and
there.
So
that's
basically
the
question
like:
what's
the
plans
for
the
future
for
this
code,
that,
with
tim
sharp's
unfortunate
passing,
is
there
any
plans
on
how
this
can
be
continued
to
to
be
maintained?
G
H
Okay,
okay,
so
the
recommendation
is
that
this
is
not
a
task
that
this
is
the
responsibility
of
the
working
loop,
like
you
said,
or
under
the
authority
of
the
working
group.
So
the
current
code
there
in
the
in
the
github
of
the
working
group,
can
be
marked
as
archived
and
then,
if
anyone
wants
to
continue
to
use
this,
it's
more
upon
them
themselves
to
to
fork
it
and
manage
that
on
their
own.
E
G
B
B
E
So
I
actually,
for
instance,
I
actually
import
that
examples
into
my
code
as
a
sub
module
to
run
my
tests
against.
So
I
don't
know
what
your
pull
request
is,
but
I'll
certainly
look
at
it.
I
don't
know
how
we
can
achieve
authoritate
authority
on
this
well,
but
I
think
this
is
perhaps
within
the
working
group
to
decide.
G
It
kind
of
reminds
me
of
rfc
7520,
which
was
jose
examples
which
our
own
matt
miller
wrote
in
2015,
that
that
was
considered
important
enough
to
interoperable
adoption
that
it's
published
as
an
rfc.
In
our
case,
we've
published
examples
in
our
rfcs
and
given
that
this
is
an
input
to
our
rfcs,
I
think
it's
worth.