I will raise the same issue that I did during the working group (https://mailarchive.ietf.org/arch/msg/cose/6SpNYAD0YC0fTM0dOA7MZ3fnqqo/ is the first time). The messages sent over to CFRG did not receive a positive response for the IETF recommending it (https://mailarchive.ietf.org/arch/msg/cfrg/iuRak1_HFZ33oWDWPl7KbvZHC0k/ among others). I believe that the IESG needs to debate if this document should be the one which makes the secp256k1 curve a recommended IETF curve to use. Jim -----Original Message----- From: COSE <cose-bounces@xxxxxxxx> On Behalf Of The IESG Sent: Wednesday, May 13, 2020 5:40 AM To: IETF-Announce <ietf-announce@xxxxxxxx> Cc: Ivaylo Petrov <ivaylo@xxxxxxx>; cose-chairs@xxxxxxxx; superuser@xxxxxxxxx; draft-ietf-cose-webauthn-algorithms@xxxxxxxx; cose@xxxxxxxx Subject: [COSE] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard The IESG has received a request from the CBOR Object Signing and Encryption WG (cose) to consider the following document: - 'COSE and JOSE Registrations for WebAuthn Algorithms' <draft-ietf-cose-webauthn-algorithms-05.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@xxxxxxxx mailing lists by 2020-05-27. Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The W3C Web Authentication (WebAuthn) specification and the FIDO Alliance Client to Authenticator Protocol (CTAP) specification use CBOR Object Signing and Encryption (COSE) algorithm identifiers. This specification registers the following algorithms in the IANA "COSE Algorithms" registry, which are used by WebAuthn and CTAP implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512, and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It registers the secp256k1 elliptic curve in the IANA "COSE Elliptic Curves" registry. Also, for use with JSON Object Signing and Encryption (JOSE), it registers the algorithm ECDSA using the secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and Encryption Algorithms" registry and the secp256k1 elliptic curve in the IANA "JSON Web Key Elliptic Curve" registry. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-cose-webauthn-algorithms/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6194: Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms (Informational - IETF stream) _______________________________________________ COSE mailing list COSE@xxxxxxxx https://www.ietf.org/mailman/listinfo/cose -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
