On Mon, Mar 23, 2026 at 10:43:23AM +0100, Ivaylo Petrov wrote:
> Dear all,
>
> This note starts a three-week call for adoption for *Split Signing
> Algorithms for COSE*
> https://datatracker.ietf.org/doc/draft-lundberg-cose-two-party-signing-algs/.
> Please indicate here *by Monday, April 13, 2026* whether you are in favor
> of adoption or not, and the reasons for your position.
No. I do not think this is a good way to solve the underlying problem,
which is signing data too large to transfer to the signer.
What I think should be done is adding a mechanism to COSE (and maybe
also JOSE) that hashed the payload before signing. Note that this is
subtly different from what hash envelope does (uses a hash to represent
some content).
Then to the draft itself:
The approach used by this draft seems mostly limited to ECDSA, as:
- Ed25519ph and Ed448ph are very poorly supported.
- Hash-(ML|FN|SLH)-DSA is an operational disater. And likely
poorly supported too.
- For ML-DSA, there is signmu, but it is unclear if it would be
used (LAMPS WG did go with ML-DSA signmu to support signing
large amounts of data with ML-DSA).
Then there are issues with the way *-split algorithms are specified.
These codepoints are not reserved, but are not interoperable nor even
usefully constrain the implementation.
The draft says that the digest is "usually" transmitted in the data
to be signed argument. What does that mean?
Or that *-split algorithms can appear in "COSE structures". What COSE
structures?
Then COSE_Sign_args is not enough for signature request (it is missing
the digest), and there is no structure that contains it.
And why would verifier know anything about *-split algorithms other
than to reject the whole message as malformed?
Suggest something along following lines:
- *-split algorithms MUST NOT appear in COSE signatures nor keys.
Such algorithms MUST either be treated as unknown, or the whole
message rejected as malformed.
- Replace COSE_Sign_args with something like three-element array:
* alg: int/tstr
* hash: bstr
* extra_args: { label => value }
-Ilari
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
