It may be premature counting out Embedded Signatures as a possible standard. Compared to the existing COSE signature container, Embedded Signatures offer several advantages:
- Signs the entire message - Retains the structure of the original message Applied to SD-CWT: https://cyberphone.github.io/sd-experimental/doc/#holder-sd-cwt Basic spec: https://www.ietf.org/archive/id/draft-rundgren-cbor-core-12.html#name-embedded-signatures Online: https://test.webpki.org/csf-lab/create Anders On 2025-09-18 19:01, The IESG wrote:
The CBOR Object Signing and Encryption (cose) WG in the Security Area of the IETF is undergoing rechartering. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list ([email protected]) by 2025-09-28. CBOR Object Signing and Encryption (cose) ----------------------------------------------------------------------- Current status: Active WG Chairs: Ivaylo Petrov <[email protected]> Michael Jones <[email protected]> Assigned Area Director: Paul Wouters <[email protected]> Security Area Directors: Paul Wouters <[email protected]> Deb Cooley <[email protected]> Mailing list: Address: [email protected] To subscribe: https://www.ietf.org/mailman/listinfo/cose Archive: https://mailarchive.ietf.org/arch/browse/cose/ Group page: https://datatracker.ietf.org/group/cose/ Charter: https://datatracker.ietf.org/doc/charter-ietf-cose/ CBOR Object Signing and Encryption (COSE, RFC 9052) describes how to create and process signatures, message authentication codes, and encryption using Concise Binary Object Representation (CBOR, RFC 8949) for serialization. COSE additionally describes a representation for cryptographic keys. The COSE working group handles four types of (intended status Standard Track) documents: 1. Documents that describe the use of cryptographic algorithms in COSE. 2. Documents that describe additional attributes for COSE. 3. Documents that define header parameters to be used in COSE objects. 4. Documents that define COSE key representations. The WG will evaluate, and potentially adopt, documents dealing with algorithms that would fit the criteria of being IETF consensus algorithms. Potential candidates would include those algorithms that have been evaluated by the CFRG and algorithms which have gone through a public review and evaluation process such as was done for the NIST SHA-3 algorithms. Key management and binding of keys to identities are out of scope for the working group. The COSE WG will not innovate in terms of cryptography. The specification of algorithms in COSE is limited to those in RFCs, active CFRG or IETF WG documents, or algorithms which have been positively reviewed by the CFRG. The COSE WG will also work on a CBOR encoding of the certificate profile defined in RFC 5280. It is expected that the encoding works with RFC 7925. The main objective is to define a method of encoding current X.509 certificates that meet a specific profile into a smaller format. This encoding is invertible, so they can be expanded and normal X.509 certificate processing can be used. draft-mattsson-cose-cbor-cert-compress is expected to be a good starting point Milestones: _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
