If we will discuss draft-schaad-cose-x509 we could also discuss how we would like things to work in draft-mattsson-cose-cbor-cert-compress. For draft-mattsson-cose-cbor-cert-compress we have much more freedom to change things.
Based on the comments received on draft-mattsson-cose-cbor-cert-compress and draft-schaad-cose-x509 I made the following updates to the GitHub version of draft-mattsson-cose-cbor-cert-compress.

John

   ; The elements of the following group are to be used in a CBOR Sequence:
   CBORCertificate = (
      TBSCertificate,
      issuerSignatureValue : any
   )

9.8. COSE Header Parameters Registry

EDITORS NOTE: Should x5u refer to a bag or a chain? The text should be moved a section and not be in the IANA Section.

This document registers the following entries in the "COSE Header Parameters" registry under the "CBOR Object Signing and Encryption (COSE)" heading. The formatting and processing for c5b, c5c, and c5t, and c5u are similar to x5bag, x5chain, x5t, x5u defined in [I-D.ietf-cose-x509] except that the certificates are CBOR encoded instead of DER encoded, uses a COSE_C5 structure instead of COSE_X509, and that c5t MUST refer to an end-entity certificate. c5u provides an alternative way to identify an untrusted certificate bag/chain by reference with a URI. The content is a COSE_C5 item served with the application/cbor content format. The COSE_C5 structure used in c5b, c5c, and c5u is defined as:

   COSE_C5 = [ + CBORCertificate ]

As the contents of c5bag, c5chain, c5t, and c5u are untrusted input, the header parameters can be in either the protected or unprotected header bucket. The trust mechanism MUST process any certificates in the c5b, c5c, and c5u parameters as untrusted input. The presence of a self-signed certificate in the parameter MUST NOT cause the update of the set of trust anchors without some out-of-band confirmation.

Note that certificates can also be identified with a 'kid' header parameter by storing 'kid' and the associated bag or chain in a dictionary.

+-----------+-------+----------------+------------------------------+
| Name      | Label | Value Type     | Description                  |
+===========+=======+================+==============================+
| c5b       | TBD1  | COSE_C5        | An unordered bag of CBOR     |
|           |       |                | certificates                 |
+-----------+-------+----------------+------------------------------+
| c5c       | TBD2  | COSE_C5        | An ordered chain of CBOR     |
|           |       |                | certificates                 |
+-----------+-------+----------------+------------------------------+
| c5t       | TBD3  | COSE_CertHash  | Hash of a CBOR certificate   |
+-----------+-------+----------------+------------------------------+
| c5u       | TBD4  | uri            | URI pointing to a COSE_C5    |
|           |       |                | containing an ordered chain  |
|           |       |                | of certificates              |
+-----------+-------+----------------+------------------------------+

9.10. CBOR Tags Registry

This document registers the following entries in the "CBOR Tags" registry under the "Concise Binary Object Representation (CBOR) Tags" heading.

+------+------------------------------------------------------------+
| Tag  | X.509 Public Key Algorithms                                |
+======+============================================================+
| TDB6 | Data Item: COSE_C5                                         |
|      | Semantics: An ordered chain of CBOR certificates           |
|      | Reference: This document                                   |
+------+------------------------------------------------------------+

From: John Mattsson <[email protected]>
Date: Thursday, 11 February 2021 at 08:42
To: Ivaylo Petrov <[email protected]>, cose <[email protected]>
Cc: Cose Chairs Wg <[email protected]>
Subject: Re: Agenda for interim on 17.02.2021

Hi,

I would like the WG to discuss and hopefully agree on:

- X509. Trust relations, protection, and formats. This is relevant for the EDHOC and the CBOR certificate work as well.
- IANA registrations policies, in particular co-factor ECC, as brought up by Wei25519.

I think these are the two most urgent things to discuss. I am however not the driver for any of these.

Cheers,
John

From: Ivaylo Petrov <[email protected]>
Date: Wednesday, 10 February 2021 at 23:30
To: cose <[email protected]>
Cc: Cose Chairs Wg <[email protected]>
Subject: Agenda for interim on 17.02.2021

Dear all,

Our next interim is scheduled for 17.02.2021 from 16:00 UTC. The chairs would like to know what topics the WG would like to discuss during the interim. If there is nothing to discuss at that time, we could cancel the interim as the IETF 110 meeting will be less than a month later.

- Matthew and Ivaylo
COSE WG Chairs
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
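
The trust rule in the quoted Section 9.8 text (certificates in c5c are untrusted input, and a self-signed certificate in the message must not become a trust anchor) can be sketched as follows. This is an added example, not code from the thread or the draft. Assumptions: the `Cert` class is a hypothetical stand-in for a CBORCertificate, HMAC stands in for verifying issuerSignatureValue with the issuer's public key so the block runs with the standard library only, and the chain is ordered end-entity first as for x5chain.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # hypothetical stand-in for one CBORCertificate in a COSE_C5 array
    subject: str
    issuer: str
    key: bytes        # toy key: an HMAC secret standing in for a public key
    sig: bytes = b""  # stands in for issuerSignatureValue

    def tbs(self) -> bytes:
        return f"{self.subject}|{self.issuer}|".encode() + self.key

    def thumbprint(self) -> bytes:
        return hashlib.sha256(self.tbs() + self.sig).digest()

def issue(subject, key, issuer_cert=None):
    """Build constructed sample data; self-signed when issuer_cert is None."""
    issuer, signer = (issuer_cert.subject, issuer_cert.key) if issuer_cert else (subject, key)
    unsigned = Cert(subject, issuer, key)
    return Cert(subject, issuer, key, hmac.new(signer, unsigned.tbs(), "sha256").digest())

def signed_by(cert, issuer_cert):
    expected = hmac.new(issuer_cert.key, cert.tbs(), "sha256").digest()
    return cert.issuer == issuer_cert.subject and hmac.compare_digest(cert.sig, expected)

def validate_c5c(chain, anchors):
    """Return the end-entity cert if the untrusted chain reaches a pinned anchor.

    anchors maps thumbprint -> Cert, is provisioned out of band, and is only read here.
    """
    if not chain or any(not signed_by(c, p) for c, p in zip(chain, chain[1:])):
        return None
    last = chain[-1]
    if last.thumbprint() in anchors or any(signed_by(last, a) for a in anchors.values()):
        return chain[0]
    return None  # includes a self-signed root that only the message vouches for

# Constructed sample data: one pinned root and one root supplied only in a message.
ROOT = issue("Pinned Root", b"root-key")
EE = issue("device-1", b"ee-key", ROOT)
ROGUE = issue("Rogue Root", b"rogue-key")
ROGUE_EE = issue("device-1", b"x", ROGUE)
ANCHORS = {ROOT.thumbprint(): ROOT}
```

A chain that carries its own self-signed root, such as `[ROGUE_EE, ROGUE]`, is internally consistent but is rejected because nothing in it links to the out-of-band anchor set, which the function never modifies.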
