The CBOR Object Signing and Encryption (cose) WG in the Security Area of the IETF is undergoing rechartering. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list ([email protected]) by 2025-06-02.
CBOR Object Signing and Encryption (cose) ----------------------------------------------------------------------- Current status: Active WG Chairs: Ivaylo Petrov <[email protected]> Michael Jones <[email protected]> Assigned Area Director: Paul Wouters <[email protected]> Security Area Directors: Paul Wouters <[email protected]> Deb Cooley <[email protected]> Mailing list: Address: [email protected] To subscribe: https://www.ietf.org/mailman/listinfo/cose Archive: https://mailarchive.ietf.org/arch/browse/cose/ Group page: https://datatracker.ietf.org/group/cose/ Charter: https://datatracker.ietf.org/doc/charter-ietf-cose/ CBOR Object Signing and Encryption (COSE, RFC 9052) describes how to create and process signatures, message authentication codes, and encryption using Concise Binary Object Representation (CBOR, RFC 8949) for serialization. COSE additionally describes a representation for cryptographic keys. COSE has been picked up and is being used both by a number of groups with which it will coordinate its progress. This includes groups within the IETF (e.g., ACE, CORE, JOSE, LAMPS, ANIMA, and SUIT) and outside the IETF (e.g., W3C and FIDO). There are a number of implementations, both open source and private, now in existence. The COSE working group handles four types of documents: 1. Documents that describe the use of cryptographic algorithms in COSE. 2. Documents that describe additional attributes for COSE. 3. Documents that define header parameters to be used in COSE objects. 4. Documents that define COSE key representations. The WG will evaluate, and potentially adopt, documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms. Key management and binding of keys to identities are out of scope for the working group. The COSE WG will not innovate in terms of cryptography. The specification of algorithms in COSE is limited to those in RFCs, active CFRG or IETF WG documents, or algorithms which have been positively reviewed by the CFRG. Milestones: Jun 2025 - COSE header parameters for RFC 3161-based timestamping into COSE objects to IESG Jun 2025 - COSE header parameters for incorporating “COSE Receipts” into COSE objects to IESG Jul 2025 - COSE header parameters for COSE objects that carry a payload that is an output of a hash function on an original payload to IESG Nov 2025 - A CBOR encoding of the certificate profile to the IESG Jan 2026 - One or more documents describing the proper use of algorithms. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
