Jim Schaad <[email protected]> wrote: >> -----Original Message----- >> From: COSE <[email protected]> On Behalf Of Michael Richardson >> Sent: Monday, July 20, 2020 1:30 PM >> To: [email protected]; Mike Jones <[email protected]> >> Subject: [COSE] implementations of RFC8152 >> >> >> Hi, >> >> Is the WG aware of any formal (cryptographic) reviews of RFC7515 and >> RFC8152?
> [JLS] I am not too sure of what you mean by a cryptographic review, but I
> suspect that the answer is no. There have been some community reviews of
> RFC 7515 which point to issues that need to be kept in mind, such as the
> existence of the None signature algorithm. I don't remember seeing
anything
> for RFC 8152 which was not along the lines of - it must have the same
issues
> as RFC 7515.
Sorry, I used impresise language because I was tired and frustrated at the
time.
I'm asking about formal verifications, either at the protocol interaction
level, such as was done for IKE recently:
https://mailarchive.ietf.org/arch/msg/ipsec/LNEPxxRwNAeWbp2Cjzqb-uS7-No/
and has been planned for EDHOC:
https://mailarchive.ietf.org/arch/msg/lake/WGmpD4F9Yb6qCfgwYkF0oKcEqYw
which I know has been done for TLS.
>> Was there an implementation report when 8152 was published?
> [JLS] Yes there was.
I looked back through the IDs before RFC, since we usually remove that before
publication, but I didn't see it in the ID. I guess it might be in the
shepherd write up... Yup.
I wish we would get on with having this on the rfc-editor.org pages :-)
>> While I'm aware of many of the IETF efforts that leverage COSE, is there
> > any
>> data on how it has been used outside of the IETF?
> [JLS] There are a couple of different projects at the W3C. Web
> Authentication is one and Secure Data Storage is another.
> There is an ISO
> driving license standard that I have see reference (ISO/IEC JTC 001/SC 17
> "Cards and security devices for personal identification" Mobile Driver's
> License (mDL)). A couple of people have talked to me about potentially
> using COSE rather than CMS but needing certificates to do so. I can't
> remember who off the top of my head.
Thank you.
Is it worth enabling a wiki in https://github.com/cose-wg somewhere to record
these things?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
