draft-ietf-cose-rfc8152bis-algs-00.txt		draft-ietf-cose-rfc8152bis-algs-01.txt
	COSE Working Group J. Schaad		COSE Working Group J. Schaad
	Internet-Draft August Cellars		Internet-Draft August Cellars
	Obsoletes: 8152 (if approved) January 21, 2019		Obsoletes: 8152 (if approved) February 14, 2019
	Intended status: Standards Track		Intended status: Standards Track
	Expires: July 25, 2019		Expires: August 18, 2019
	CBOR Algorithms for Object Signing and Encryption (COSE)		CBOR Algorithms for Object Signing and Encryption (COSE)
	draft-ietf-cose-rfc8152bis-algs-00		draft-ietf-cose-rfc8152bis-algs-01
	Abstract		Abstract
	Concise Binary Object Representation (CBOR) is a data format designed		Concise Binary Object Representation (CBOR) is a data format designed
	for small code size and small message size. There is a need for the		for small code size and small message size. There is a need for the
	ability to have basic security services defined for this data format.		ability to have basic security services defined for this data format.
	This document defines the CBOR Object Signing and Encryption (COSE)		This document defines the CBOR Object Signing and Encryption (COSE)
	protocol. This specification describes how to create and process		protocol. This specification describes how to create and process
	signatures, message authentication codes, and encryption using CBOR		signatures, message authentication codes, and encryption using CBOR
	for serialization. COSE additionally describes how to represent		for serialization. COSE additionally describes how to represent
	skipping to change at page 2, line 7 ¶		skipping to change at page 2, line 7 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on July 25, 2019.		This Internet-Draft will expire on August 18, 2019.
	Copyright Notice		Copyright Notice
	Copyright (c) 2019 IETF Trust and the persons identified as the		Copyright (c) 2019 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of		(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect		carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must		to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of		include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as		the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.		described in the Simplified BSD License.
	Table of Contents		Table of Contents
	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3		1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
	1.1. Requirements Terminology . . . . . . . . . . . . . . . . 4		1.1. Requirements Terminology . . . . . . . . . . . . . . . . 4
	1.2. Document Terminology . . . . . . . . . . . . . . . . . . 4		1.2. Changes from RFC8152 . . . . . . . . . . . . . . . . . . 4
	1.3. CBOR Grammar . . . . . . . . . . . . . . . . . . . . . . 4		1.3. Document Terminology . . . . . . . . . . . . . . . . . . 4
			1.4. CBOR Grammar . . . . . . . . . . . . . . . . . . . . . . 4
	2. Signature Algorithms . . . . . . . . . . . . . . . . . . . . 4		2. Signature Algorithms . . . . . . . . . . . . . . . . . . . . 4
	2.1. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . 4		2.1. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . 5
	2.1.1. Security Considerations . . . . . . . . . . . . . . . 6		2.1.1. Security Considerations . . . . . . . . . . . . . . . 6
	2.2. Edwards-Curve Digital Signature Algorithms (EdDSAs) . . . 7		2.2. Edwards-Curve Digital Signature Algorithms (EdDSAs) . . . 7
	2.2.1. Security Considerations . . . . . . . . . . . . . . . 8		2.2.1. Security Considerations . . . . . . . . . . . . . . . 8
	3. Message Authentication Code (MAC) Algorithms . . . . . . . . 8		3. Message Authentication Code (MAC) Algorithms . . . . . . . . 8
	3.1. Hash-Based Message Authentication Codes (HMACs) . . . . . 8		3.1. Hash-Based Message Authentication Codes (HMACs) . . . . . 8
	3.1.1. Security Considerations . . . . . . . . . . . . . . . 9		3.1.1. Security Considerations . . . . . . . . . . . . . . . 10
	3.2. AES Message Authentication Code (AES-CBC-MAC) . . . . . . 10		3.2. AES Message Authentication Code (AES-CBC-MAC) . . . . . . 10
	3.2.1. Security Considerations . . . . . . . . . . . . . . . 11		3.2.1. Security Considerations . . . . . . . . . . . . . . . 11
	4. Content Encryption Algorithms . . . . . . . . . . . . . . . . 11		4. Content Encryption Algorithms . . . . . . . . . . . . . . . . 11
	4.1. AES GCM . . . . . . . . . . . . . . . . . . . . . . . . . 11		4.1. AES GCM . . . . . . . . . . . . . . . . . . . . . . . . . 11
	4.1.1. Security Considerations . . . . . . . . . . . . . . . 12		4.1.1. Security Considerations . . . . . . . . . . . . . . . 12
	4.2. AES CCM . . . . . . . . . . . . . . . . . . . . . . . . . 13		4.2. AES CCM . . . . . . . . . . . . . . . . . . . . . . . . . 13
	4.2.1. Security Considerations . . . . . . . . . . . . . . . 15		4.2.1. Security Considerations . . . . . . . . . . . . . . . 15
	4.3. ChaCha20 and Poly1305 . . . . . . . . . . . . . . . . . . 15		4.3. ChaCha20 and Poly1305 . . . . . . . . . . . . . . . . . . 15
	4.3.1. Security Considerations . . . . . . . . . . . . . . . 16		4.3.1. Security Considerations . . . . . . . . . . . . . . . 16
	5. Key Derivation Functions (KDFs) . . . . . . . . . . . . . . . 16		5. Key Derivation Functions (KDFs) . . . . . . . . . . . . . . . 16
	skipping to change at page 4, line 13 ¶		skipping to change at page 4, line 15 ¶
	beyond what are in this document are defined elsewhere.		beyond what are in this document are defined elsewhere.
	1.1. Requirements Terminology		1.1. Requirements Terminology
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",		The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and		"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
	"OPTIONAL" in this document are to be interpreted as described in BCP		"OPTIONAL" in this document are to be interpreted as described in BCP
	14 [RFC2119] [RFC8174] when, and only when, they appear in all		14 [RFC2119] [RFC8174] when, and only when, they appear in all
	capitals, as shown here.		capitals, as shown here.
	1.2. Document Terminology		1.2. Changes from RFC8152
			TBD
			1.3. Document Terminology
	In this document, we use the following terminology:		In this document, we use the following terminology:
	Byte is a synonym for octet.		Byte is a synonym for octet.
	Constrained Application Protocol (CoAP) is a specialized web transfer		Constrained Application Protocol (CoAP) is a specialized web transfer
	protocol for use in constrained systems. It is defined in [RFC7252].		protocol for use in constrained systems. It is defined in [RFC7252].
	Authenticated Encryption (AE) [RFC5116] algorithms are those		Authenticated Encryption (AE) [RFC5116] algorithms are those
	encryption algorithms that provide an authentication check of the		encryption algorithms that provide an authentication check of the
	plain text contents as part of the encryption service.		plain text contents as part of the encryption service.
	Authenticated Encryption with Authenticated Data (AEAD) [RFC5116]		Authenticated Encryption with Authenticated Data (AEAD) [RFC5116]
	algorithms provide the same content authentication service as AE		algorithms provide the same content authentication service as AE
	algorithms, but they additionally provide for authentication of non-		algorithms, but they additionally provide for authentication of non-
	encrypted data as well.		encrypted data as well.
	1.3. CBOR Grammar		1.4. CBOR Grammar
	At the time that [RFC8152] was initially published, the CBOR Data		At the time that [RFC8152] was initially published, the CBOR Data
	Definition Language (CDDL) [I-D.ietf-cbor-cddl] had not yet been		Definition Language (CDDL) [I-D.ietf-cbor-cddl] had not yet been
	published. This document uses a variant of CDDL which is described		published. This document uses a variant of CDDL which is described
	in [I-D.schaad-cose-rfc8152bis-struct]		in [I-D.schaad-cose-rfc8152bis-struct]
	2. Signature Algorithms		2. Signature Algorithms
	The document defines signature algorithm identifiers for two		The document defines signature algorithm identifiers for two
	signature algorithms.		signature algorithms.
	skipping to change at page 42, line 23 ¶		skipping to change at page 42, line 23 ¶
	[SEC1] Certicom Research, "SEC 1: Elliptic Curve Cryptography",		[SEC1] Certicom Research, "SEC 1: Elliptic Curve Cryptography",
	Standards for Efficient Cryptography, Version 2.0, May		Standards for Efficient Cryptography, Version 2.0, May
	2009, <http://www.secg.org/sec1-v2.pdf>.		2009, <http://www.secg.org/sec1-v2.pdf>.
	10.2. Informative References		10.2. Informative References
	[I-D.ietf-cbor-cddl]		[I-D.ietf-cbor-cddl]
	Birkholz, H., Vigano, C., and C. Bormann, "Concise data		Birkholz, H., Vigano, C., and C. Bormann, "Concise data
	definition language (CDDL): a notational convention to		definition language (CDDL): a notational convention to
	express CBOR and JSON data structures", draft-ietf-cbor-		express CBOR and JSON data structures", draft-ietf-cbor-
	cddl-06 (work in progress), November 2018.		cddl-07 (work in progress), February 2019.
	[RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-		[RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-
	224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512",		224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512",
	RFC 4231, DOI 10.17487/RFC4231, December 2005,		RFC 4231, DOI 10.17487/RFC4231, December 2005,
	<https://www.rfc-editor.org/info/rfc4231>.		<https://www.rfc-editor.org/info/rfc4231>.
	[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The		[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
	AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June		AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
	2006, <https://www.rfc-editor.org/info/rfc4493>.		2006, <https://www.rfc-editor.org/info/rfc4493>.
End of changes. 10 change blocks.
	11 lines changed or deleted		16 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/