> -----Original Message-----
> From: COSE <[email protected]> On Behalf Of Michael Richardson
> Sent: Monday, July 20, 2020 1:30 PM
> To: [email protected]; Mike Jones <[email protected]>
> Subject: [COSE] implementations of RFC8152
>
>
> Hi,
>
> Is the WG aware of any formal (cryptographic) reviews of RFC7515 and
> RFC8152?
[JLS] I am not too sure of what you mean by a cryptographic review, but I
suspect that the answer is no. There have been some community reviews of
RFC 7515 which point to issues that need to be kept in mind, such as the
existence of the None signature algorithm. I don't remember seeing anything
for RFC 8152 which was not along the lines of - it must have the same issues
as RFC 7515.
>
> Was there an implementation report when 8152 was published?
[JLS] Yes there was.
> While I'm aware of many of the IETF efforts that leverage COSE, is there
any
> data on how it has been used outside of the IETF?
[JLS] There are a couple of different projects at the W3C. Web
Authentication is one and Secure Data Storage is another. There is an ISO
driving license standard that I have see reference (ISO/IEC JTC 001/SC 17
"Cards and security devices for personal identification" Mobile Driver's
License (mDL)). A couple of people have talked to me about potentially
using COSE rather than CMS but needing certificates to do so. I can't
remember who off the top of my head.
Jim
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works -
> = IPv6 IoT consulting =-
>
>
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
