The document currently requests registration of the "ckt" (COSE Key Thumbprint) confirmation method as follows:
* Confirmation Method Name: ckt * Confirmation Method Description: COSE Key Thumbprint * JWT Confirmation Method Name: jkt * Confirmation Key: [[TBD1]] * Confirmation Value Type(s): binary string * Change Controller: IESG * Specification Document(s): [[This document]] This is not parallel to the "jkt" (JWK SHA-256 Thumbprint) registration at https://www.iana.org/assignments/jwt/jwt.xhtml#confirmation-methods, in that it doesn't include the hash function. Please change "COSE Key Thumbprint" to "COSE Key Thumbprint using SHA-256 Hash Function". Thanks, -- Mike -----Original Message----- From: [email protected] <[email protected]> Sent: Wednesday, March 13, 2024 3:36 PM To: IETF-Announce <[email protected]> Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected] Subject: CORRECTED Last Call: <draft-ietf-cose-key-thumbprint-04.txt> (CBOR Object Signing and Encryption (COSE) Key Thumbprint) to Proposed Standard The IESG has received a request from the CBOR Object Signing and Encryption WG (cose) to consider the following document: - 'CBOR Object Signing and Encryption (COSE) Key Thumbprint' <draft-ietf-cose-key-thumbprint-04.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2024-04-02. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This specification defines a method for computing a hash value over a COSE Key. It defines which fields in a COSE Key structure are used in the hash computation, the method of creating a canonical form of the fields, and how to hash the byte sequence. The resulting hash value can be used for identifying or selecting a key that is the subject of the thumbprint. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc9053: CBOR Object Signing and Encryption (COSE): Initial Algorithms (Informational - Internet Engineering Task Force (IETF)) rfc6755: An IETF URN Sub-Namespace for OAuth (Informational - Internet Engineering Task Force (IETF)) _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
