Hi!

In my view, there is a bit of nuance to it being a straightforward publication path. To reuse the pattern of the cited examples of RFC5832, 7091, 8032, 8391, and 8554, these cryptographic algorithms are specified by the IRTF or ISE stream, not the IETF stream. If I understand draft-shen-sm2-ecdsa correctly, to follow the pattern, it should explore which one of these non-IETF streams to publish on. We typically wouldn’t publish any crypto algorithm in the IETF stream (and it isn’t in-scope for COSE to do so).

To the question of what to do with a hypothetical, “very short standards-track RFC that says how to use SM2 with COSE”, that’s one very particular route. The Algorithms registry provides a wide array of options:

    Integer values from -65536 to -257     Specification Required
    Integer values between -256 and 255    Standards Action With Expert Review
    Integer values from 256 to 65535       Specification Required
    Integer values greater than 65535      Expert Review

Using the option of “very short standards-track RFC that says how to use SM2 with COSE”, could meet the bar for an “Integer values between -256 and 255”, but it couldn’t be done in the COSE WG unless CFRG publishes draft-shen-sm2-ecdsa or there is a re-charter. Per the charter:

==[ snip ]==
The WG will evaluate, and potentially adopt, documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms. Potential candidates would not include national-standards-based algorithms that have not gone through a similar public review process.
==[ snip ]==

If shopped to another WG, it would need to surmount the same challenges of the IETF conducting a security analysis of a national crypto algorithm. If published in another stream, this would meet the “Specification Required” bar.

Roman

From: COSE <[email protected]> On Behalf Of Russ Housley
Sent: Wednesday, June 28, 2023 10:02 AM
To: 张志磊 <[email protected]>
Cc: [email protected]
Subject: Re: [COSE] how to add SM2 Digital Signature Algorithm

It would seem very straightforward to progress draft-shen-sm2-ecdsa as an Information RFC, and then write a very short standards-track RFC that says how to use SM2 with COSE. It would look similar to RFC 8778.

Russ

P.S. I encourage you to also write a short standards-track RFC about the use of SM2 with PKIX. It would look similar to RFC 8410. I encourage you to also write a short standards-track RFC about the use of SM2 with CMS. It would look similar to RFC 8708.

On Jun 28, 2023, at 9:00 AM, 张志磊 <[email protected]> wrote:

Thanks for your reply.

There is already a draft (https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02) that explains the algorithm, and some crypto projects like the Linux kernel, OpenSSL, and libgcrypt have implemented the SM2 Digital Signature Algorithm.

IANA has assigned the value 0x0708 with the name "sm2sig_sm3" to the "TLS SignatureScheme" registry and IANA has assigned the value 41 with the name "curveSM2" to the "TLS Supported Groups" registry according to RFC8998 (https://www.rfc-editor.org/rfc/rfc8998.html#name-iana-considerations).

Is it enough to register the SM2 Digital Signature Algorithm?

Hope for your reply. Thanks a lot.

________________________________
From: Russ Housley <[email protected]>
Sent: June 28, 2023 20:39:38
To: 张志磊
Cc: [email protected]
Subject: Re: [COSE] how to add SM2 Digital Signature Algorithm

I support the registration of the SM2 Digital Signature Algorithm.

It would be very helpful to implementers if there was an Information RFC that explains the algorithm. This has been done for many other signature algorithms:

    RFC 2437 - PKCS #1: RSA Cryptography Specifications (Version 2.0).
    RFC 3447 - PKCS #1: RSA Cryptography Specifications (Version 2.1).
    RFC 5832 - GOST R 34.10-2001 Digital Signature Algorithm.
    RFC 7091 - GOST R 34.10-2012 Digital Signature Algorithm.
    RFC 8017 - PKCS #1: RSA Cryptography Specifications (Version 2.2).
    RFC 8032 - Edwards-Curve Digital Signature Algorithm (EdDSA).
    RFC 8391 - XMSS: eXtended Merkle Signature Scheme.
    RFC 8554 - Leighton-Micali Hash-Based Signatures.

Russ

On Jun 28, 2023, at 5:28 AM, 张志磊 <[email protected]> wrote:

As discussed in https://github.com/w3c/webauthn/issues/1783, if we want to support SM2 in WebAuthn, we should register the SM2 Digital Signature Algorithm in the IANA COSE Algorithms registry first.

Please help me to find any way to register the SM2 Digital Signature Algorithm in the IANA COSE Algorithms registry.

Thanks a lot.
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
