Session Date/Time: 19 Mar 2024 05:30

cose Meeting Minutes

Summary

This meeting covered several drafts, including updates on CWT claims and headers, time stamped token header parameter, koseihpke, key thumbprint, harness version 3, open ID federation trust chains in CWT headers, post-quantum cryptography, cozy receipts, seaborne encoded 509, and updates on pairing-friendly curves. The discussions revolved around security considerations, parameter registration, and alignment with other related drafts.

Key Discussion Points

koseihpke: Binding encryption to the context was a major discussion point. Recent attacks presented at the LAMPS meeting regarding downgrade attacks were discussed. The need for explicit context indication in the protected header was highlighted. Mike Gounsworth pointed out a recent attack presented by Deirdre Connelley at CFRG that could impact mlchem implementations.
Key Thumbprint: Status was updated, with feedback incorporation in progress and an April 2nd deadline for further feedback.
Harness Version 3: Adoption was requested. Carsten Bormann raised concerns about the repetition of parameter sets (bag chains, thumbprint, URI) and suggested exploring generalization. Ori noted these were big contents and we shouldn't worry about burning too many header parameters. The group discussed potential conflicts between CWT claims, headers, ISS, KID, and other key discovery components.
Open ID Federation Trust Chains in CWT Headers: Mike Prorock suggested a more generic structure that could also reference CWT or CWT-like bags, to provide a path into other chains. There was general support for a collaborative effort to unify approaches. Ori suggested contacting the STIR folks for similar work in JWT land.
Post-Quantum Cryptography: Draft updates were presented, including renaming and moving specifications to the Kose working group. Concerns were raised about parameterization adjustments, padding, and potential NIST version differences. Early parameter registration for test vectors and implementation tests was discussed, with a suggestion to use private use ranges for pre-registration testing.
Cozy Receipts: The changes in the newest version were outlined and there were discussions about managing code points and registry integration. There was a particular focus on the need for review of the consistency proof design.
Seaborne Encoded 509 (C509): Discussion about the location of the signature algorithm, and whether it should be moved to optimize parsing. There was a suggestion to use new certificate types to accommodate this change, and keep the deployed ones available as the old type.
Pairing-Friendly Curves: The move to uncompressed key representations was explained due to the lack of stable reference to a compressed representation.
Hybrid PQM: Tiro discussed feedback about MLKEM not having the same security properties as HPKE. The plan is to align this draft and ensure similar security bindings that HMAC EAS, and publish a revised draft. Ori raised a question about the the cozy working group algorithms, similar to what he gave in the Jose Working Group.

Decisions and Action Items

koseihpke: Authors to consider feedback on recent attacks and incorporate changes, especially regarding the binding properties when using MLchem.
Harness Version 3: Chairs to run a call for adoption on the mailing list.
Open ID Federation Trust Chains in CWT Headers: Authors of the harness version 3 draft and the open id federation trust chains in cwt headers draft to collaborate and make a recommendation to the working group. They also need to talk to the STIR folks.
Post-Quantum Cryptography: Use private use ranges for pre-registration testing of algorithm identifier.
Cozy Receipts: Ori Steel to contact the Skid Architecture group to discuss who should register 394. Volunteers to review consistency proof text. Monti is volunteer number 1.
Seaborne Encoded 509 (C509): Straw poll on moving the location of the algorithm to improve processing. Assign new numbers for this new version. Reserve old numbers.
Hybrid PQM: Need to align this draft to ensure similar security bindings that HMAC EAS, and publish a revised draft.

Next Steps

CWT claims and headers draft: Expect to be edited and published together with type header parameter draft.
Type header parameter draft: On the IESG telechat on April 4th.
Key Thumbprint: Incorporate feedback from the IETF last call.
koseihpke: Address security concerns and finalize the document.
All drafts: Continued reviews and updates based on feedback.