RFC 9053: COSE Initial Algorithms
Internet Engineering Task Force (IETF) J. Schaad
Request for Comments: 9053 August Cellars
Obsoletes: 8152 August 2022
Category: Informational
ISSN: 2070-1721
CBOR Object Signing and Encryption (COSE): Initial Algorithms
Abstract
Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).
This document, along with RFC 9052, obsoletes RFC 8152.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9053.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Table of Contents
- 1. Introduction
  - 1.1. Requirements Terminology
  - 1.2. Changes from RFC 8152
  - 1.3. Document Terminology
  - 1.4. CDDL Grammar for CBOR Data Structures
  - 1.5. Examples
- 2. Signature Algorithms
  - 2.1. ECDSA
    - 2.1.1. Security Considerations for ECDSA
  - 2.2. Edwards-Curve Digital Signature Algorithm (EdDSA)
    - 2.2.1. Security Considerations for EdDSA
- 3. Message Authentication Code (MAC) Algorithms
  - 3.1. Hash-Based Message Authentication Codes (HMACs)
    - 3.1.1. Security Considerations for HMAC
  - 3.2. AES Message Authentication Code (AES-CBC-MAC)
    - 3.2.1. Security Considerations for AES-CBC-MAC
- 4. Content Encryption Algorithms
  - 4.1. AES-GCM
    - 4.1.1. Security Considerations for AES-GCM
  - 4.2. AES-CCM
    - 4.2.1. Security Considerations for AES-CCM
  - 4.3. ChaCha20 and Poly1305
    - 4.3.1. Security Considerations for ChaCha20/Poly1305
- 5. Key Derivation Functions (KDFs)
  - 5.1. HMAC-Based Extract-and-Expand Key Derivation Function (HKDF)
  - 5.2. Context Information Structure
- 6. Content Key Distribution Methods
  - 6.1. Direct Encryption
    - 6.1.1. Direct Key
    - 6.1.2. Direct Key with KDF
  - 6.2. Key Wrap
    - 6.2.1. AES Key Wrap
  - 6.3. Direct Key Agreement
    - 6.3.1. Direct ECDH
  - 6.4. Key Agreement with Key Wrap
    - 6.4.1. ECDH with Key Wrap
- 7. Key Object Parameters
  - 7.1. Elliptic Curve Keys
    - 7.1.1. Double Coordinate Curves
  - 7.2. Octet Key Pair
  - 7.3. Symmetric Keys
- 8. COSE Capabilities
  - 8.1. Assignments for Existing Algorithms
  - 8.2. Assignments for Existing Key Types
  - 8.3. Examples
- 9. CBOR Encoding Restrictions
- 10. IANA Considerations
  - 10.1. Changes to the "COSE Key Types" Registry
  - 10.2. Changes to the "COSE Algorithms" Registry
  - 10.3. Changes to the "COSE Key Type Parameters" Registry
  - 10.4. Expert Review Instructions
- 11. Security Considerations
- 12. References
  - 12.1. Normative References
  - 12.2. Informative References
- Acknowledgments
- Author's Address