CBOR Object Signing and Encryption (COSE): Initial Algorithms
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, The IESG <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, Matthew Miller <email@example.com> Subject: Document Action: 'CBOR Object Signing and Encryption (COSE): Initial Algorithms' to Informational RFC (draft-ietf-cose-rfc8152bis-algs-11.txt) The IESG has approved the following document: - 'CBOR Object Signing and Encryption (COSE): Initial Algorithms' (draft-ietf-cose-rfc8152bis-algs-11.txt) as Informational RFC This document is the product of the CBOR Object Signing and Encryption Working Group. The IESG contact persons are Barry Leiba, Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/
Technical Summary The document draft-ietf-rfc8152bis-algs is an update to CBOR Object Signing and Encryption (COSE) to addressing outstanding errata, make other clarifications and fixes. This is part of a set — this for the algorithms, the other detailing the structure and process — that together obsolete RFC 8152. Working Group Summary This -algs document is intended to be published as informational, rather than as Internet Standard as is its -struct counterpart. This is intentional: cryptographic algorithms become obsolete over time as improvements in computing and mathematics can realize vulnerabilities and deficiencies not possible when first published. Publishing as Information marks the state of consensus at the time of publication, and allows for the flexibility to deprecate and obsolete in the future. This document received wide review from various implementers, including those used in real-world deployments. There were a number of editorial comments and some substantive commentary, with consensus to publish. Document Quality Additional care during editing and review of this document and draft-ietf-cose-rfc8152bis-struct were taken to ensure as best as possible that various (internal) references made in the original RFC 8152 have proper (external) references. All errata from RFC 8152 that is relevant to the COSE algorithms has been addressed therein. The CryptoForum Research Group (CFRG) published algorithm documents as Informational; the normative references are expected and exist in the Downref Registry. The only exception is RFC 8439 (ChaCha20/Poly1035), which ought to be added to the Downref Registry. The normatively referenced documents from NIST and SECG are the authoritative description for those algorithms; these "downrefs" are expected. This document and draft-ietf-cose-rfc8152bis-algs are to be published in lockstep, and so references here to -struct (and references to this document in -struct) are expected to be updated as part of publication. The referent to draft-ietf-cose-hash-sig, which is already in the RFC Editor's queue, is also expected to be updated as part of publication. Personnel This work is a product of the COSE Working Group. The document shepherd is Matthew Miller, and the responsible Area Director is Barry Leiba.