**Session Date/Time:** 22 Jul 2024 22:30

# JOSE Working Group Meeting

## Summary

The JOSE working group met to discuss several draft specifications and their progress. Key topics included updates to JSON Web Proof (JWP), fully specified algorithms for JOSE and COSE, Hybrid Public Key Encryption (HPKE), and post-quantum cryptography. Discussions focused on algorithm registration, deprecation policies, and potential interoperability issues. The group agreed to further discussion on the mailing list and potential revisions of drafts before further action.

## Key Discussion Points

*   **JWP Updates (David):** Updates to the JWP drafts, including the refactoring of examples, moving to BBS and BBS proof algorithms, and changes to the proof section structure.
*   **Fully Specified Algorithms (Mike):** Discussion of the fully specified algorithms draft, including the inclusion of ED25519 and ED448 on par with NIST curves in COSE.
    *   Brainpool curves in COSE.
    *   Concerns raised about the introduction of new fully specified ECDH algorithms due to limited real world need for this functionality.
    *   Debate about the meaning of deprecation and prohibition in algorithm identifiers.
*   **HPKE (Onus):** Discussion of Hybrid Public Key Encryption (HPKE) including the various application data contexts included in key derivation
*   **Post-Quantum Cryptography (Onus):** Presentation of a document focused on transitioning to post-quantum cryptography algorithms within the JOSE framework.
*   **Security Aspects of Key Identifiers (Onus):** Discussion of security considerations for key identifiers in JOSE and COSE, with a proposal to narrow the scope of the document.
*   **GitHub Repository:** Request for authors to move drafts to the new JOSE working group GitHub repository.

## Decisions and Action Items

*   **JWP:** David will work with co-authors to move the drafts to the JOSE GitHub repository.
*   **Fully Specified Algorithms:**
    *   Authors will modify the draft to remove the algorithm registrations for fully specified ECDH algorithms, but leave the appendix describing the registration process.
    *   The appendix will be modified to be prose-based.
    *   Mike will send a question to the mailing list to confirm this.
*   **HPKE:** Onus will work with interested parties to determine some potential ways forward for the draft which he can send out in a form of questions to the mailing list.
*   **Post-Quantum Cryptography:** The group will conduct a call for adoption on the mailing list.
*   **Security Aspects of Key Identifiers:** Onus will resubmit the document with a revised title (Security Aspects of Key Identifiers on COSE and JOSE) and abstract, focusing on the original intent of addressing key identifier security considerations.

## Next Steps

*   **Mailing List Discussion:** Further discussion on the mailing list regarding the fully specified algorithms draft, HPKE, post-quantum cryptography, and the security aspects of key identifiers.
*   **Draft Revision:** Revision of the relevant drafts based on feedback from the mailing list.
*   **GitHub Migration:** Transfer of all JOSE working group drafts to the IETF-owned GitHub repository.