I support adoption of the draft
On Tue, Mar 24, 2026 at 10:02 AM Ilari Liusvaara <[email protected]> wrote: > On Mon, Mar 23, 2026 at 10:43:23AM +0100, Ivaylo Petrov wrote: > > Dear all, > > > > This note starts a three-week call for adoption for *Split Signing > > Algorithms for COSE* > > > https://datatracker.ietf.org/doc/draft-lundberg-cose-two-party-signing-algs/ > . > > Please indicate here *by Monday, April 13, 2026* whether you are in favor > > of adoption or not, and the reasons for your position. > > No. I do not think this is a good way to solve the underlying problem, > which is signing data too large to transfer to the signer. > > What I think should be done is adding a mechanism to COSE (and maybe > also JOSE) that hashed the payload before signing. Note that this is > subtly different from what hash envelope does (uses a hash to represent > some content). > > > Then to the draft itself: > > The approach used by this draft seems mostly limited to ECDSA, as: > > - Ed25519ph and Ed448ph are very poorly supported. > - Hash-(ML|FN|SLH)-DSA is an operational disater. And likely > poorly supported too. > - For ML-DSA, there is signmu, but it is unclear if it would be > used (LAMPS WG did go with ML-DSA signmu to support signing > large amounts of data with ML-DSA). > > > Then there are issues with the way *-split algorithms are specified. > These codepoints are not reserved, but are not interoperable nor even > usefully constrain the implementation. > > The draft says that the digest is "usually" transmitted in the data > to be signed argument. What does that mean? > > Or that *-split algorithms can appear in "COSE structures". What COSE > structures? > > Then COSE_Sign_args is not enough for signature request (it is missing > the digest), and there is no structure that contains it. > > And why would verifier know anything about *-split algorithms other > than to reject the whole message as malformed? > > > Suggest something along following lines: > > - *-split algorithms MUST NOT appear in COSE signatures nor keys. > Such algorithms MUST either be treated as unknown, or the whole > message rejected as malformed. > > - Replace COSE_Sign_args with something like three-element array: > > * alg: int/tstr > * hash: bstr > * extra_args: { label => value } > > > > > -Ilari > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- Brent Zundel Standards Architect | Yubico <http://www.yubico.com/>
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
