This message is to confirm consensus to deprecate the current CounterSignature feature and replace it with one that best accounts for all COSE message types.
At the synchronous WG meeting on July 29, the issue with countersignatures was heavily discussed. In summary, the currently-defined CounterSignature mechanism is not processed with the cryptographic content for certain COSE message types. The consensus from the meeting is to mark the current CounterSignature process and structure deprecated in rfc8152bis and define a new one that properly accounts for the cryptographic. Further consensus leaned toward an aggressive approach, incorporating all bstr elements in the target structure when computing the signature. To complete the new CounterSignature method, the sense in the meeting is to have a series of virtual interims. The details of the new method and where it fits as working group items is still to be determined. Jim Schaad posted a starting proposal for a method[1], and an initial discussion on how to approach this as a working group item[2]. Given the participation in the meeting is very close to the participation on the list, we are only seeking objections. If you have objections, please inform the list and why you object. A following message will propose times for interims, ideally starting this month (August). Thank you, - Ivaylo and Matthew COSE WG Chairs -- [1]: < https://mailarchive.ietf.org/arch/msg/cose/6-vyoetZboIdrwwEYoYlj9QY_3Q/ > [2]: < https://mailarchive.ietf.org/arch/msg/cose/8Mxcnsq9sm_pXQAm-2bexKxpaMU/ > _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
