**Session Date/Time:** 19 Mar 2025 06:00 # cose Meeting Minutes ## Summary The COSE working group meeting covered several key topics, including updates on existing drafts and discussions on potential new work. Presentations were given on Sphinx Plus and Falcon, Dilithium/MLDSA, AES-GCM MAC, C509 certificates, HPKE, two-party signing, and the Hash Envelope draft. The group discussed limiting algorithms, abandoning expired drafts, aligning key representations, reviewing drafts, and addressing concerns regarding feature creep. Several individuals volunteered to review drafts and provide feedback. ## Key Discussion Points * **Sphinx Plus and Falcon:** Discussion on limiting the number of algorithms in Coz A-Sphinx Plus. Consideration of abandoning the Falcon draft due to lack of interest and recent NIST publication. * **Dilithium/MLDSA:** Alignment with LAMPS on private key representation, including support for expanded private keys and seed. * **AES-GCM MAC:** Discussion on the value of registering AES-GCM MAC algorithms for high-rate traffic integrity checks. Reviewers were requested. * **C509 Certificates:** Concerns about the document accumulating excessive functionality beyond its initial scope. Discussion on which parts of the draft should remain. * **HPKE:** Alignment of the JOSE-based and COSE-based versions, taking into account a new NIST document on key derivation functions for chems. * **Two-Party Signing:** Discussion on the need for new COSE algorithm identifiers for two-party signing, where the signing process is split between a digester and a signer. Concerns raised about the system architecture and the separation between hashing and signing. * **Hash Envelope:** Proposal to address large or duplicative payloads by using a hash of the payload instead of the payload itself. Ready for last call after known issues are addressed. * **CWT Certification Paths:** Presentation on a new idea for CWTs acting as certification paths, mimicking X.509 certificate representations. * **GREASE header parameters:** introduction of dummy code points that should be ignored by the users as they ignore other code points that are not understood. ## Decisions and Action Items * **Falcon:** Hold off on abandoning the Falcon draft. Defer to individual document rather than working group document. * **AES-GCM MAC:** Several reviewers volunteered to review the draft and provide feedback on the mailing list. * **C509 Certificates:** Hannes and Mark will provide a list of parts of the draft that they believe should remain. * **Hash Envelope:** The authors will address the known issues and then the chairs will start working group last call. * **CWT Certification Paths:** Several reviewers volunteered to review the new draft. * **Two-Party Signing:** Post comments on the list as to skinning the apple. * **Grease Header Parameters:** People are asked to look for the code points email and give your feedback on that. ## Next Steps * Authors of the mentioned drafts to address the feedback received during the meeting. * Reviewers to read and provide feedback on the drafts they volunteered for. * Continue discussions on the mailing lists.