CBOR Object Signing and Encryption (cose) Internet Drafts


      
 CBOR Encoded X.509 Certificates (C509 Certificates)
 
 draft-ietf-cose-cbor-encoded-cert-14.txt
 Date: 23/06/2025
 Authors: John Mattsson, Goeran Selander, Shahid Raza, Joel Hoglund, Martin Furuhed
 Working Group: CBOR Object Signing and Encryption (cose)
This document specifies a CBOR encoding of X.509 certificates. The resulting certificates are called C509 Certificates. The CBOR encoding supports a large subset of RFC 5280 and all certificates compatible with the RFC 7925, IEEE 802.1AR (DevID), CNSA 1.0, RPKI, GSMA eUICC, and CA/Browser Forum Baseline Requirements profiles. When used to re-encode DER encoded X.509 certificates, the CBOR encoding can in many cases reduce the size of RFC 7925 profiled certificates by over 50% while also significantly reducing memory and code size compared to ASN.1. The CBOR encoded structure can alternatively be signed directly ("natively signed"), which does not require re-encoding for the signature to be verified. The TLSA selectors registry defined in RFC 6698 is extended to include C509 certificates. The document also specifies C509 Certificate Requests, C509 COSE headers, a C509 TLS certificate type, and a C509 file format.

 Use of Hybrid Public-Key Encryption (HPKE) with CBOR Object Signing and Encryption (COSE)
 
 draft-ietf-cose-hpke-13.txt
 Date: 04/06/2025
 Authors: Hannes Tschofenig, Orie Steele, Ajitomi, Daisuke, Laurence Lundblade
 Working Group: CBOR Object Signing and Encryption (cose)
This specification defines hybrid public-key encryption (HPKE) for use with CBOR Object Signing and Encryption (COSE). HPKE offers a variant of public-key encryption of arbitrary-sized plaintexts for a recipient public key. HPKE works for any combination of an asymmetric key encapsulation mechanism (KEM), key derivation function (KDF), and authenticated encryption with additional data (AEAD) function. Authentication for HPKE in COSE is provided by COSE-native security mechanisms or by the pre-shared key authenticated variant of HPKE. This document defines the use of HPKE with COSE.

 Barreto-Lynn-Scott Elliptic Curve Key Representations for JOSE and COSE
 
 draft-ietf-cose-bls-key-representations-06.txt
 Date: 18/01/2025
 Authors: Tobias Looker, Michael Jones
 Working Group: CBOR Object Signing and Encryption (cose)
This specification defines how to represent cryptographic keys for the pairing-friendly elliptic curves known as Barreto-Lynn-Scott (BLS), for use with the key representation formats of JSON Web Key (JWK) and COSE (COSE_Key).
Discussion Venues: This note is to be removed before publishing as an RFC. Source for this draft and an issue tracker can be found at https://github.com/tplooker/draft-ietf-cose-bls-key-representations.

 ML-DSA for JOSE and COSE
 
 draft-ietf-cose-dilithium-07.txt
 Date: 12/06/2025
 Authors: Michael Prorock, Orie Steele, Rafael Misoczki, Michael Osborne, Christine Cloostermans
 Working Group: CBOR Object Signing and Encryption (cose)
This document describes JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) serializations for Module-Lattice-Based Digital Signature Standard (ML-DSA), a Post-Quantum Cryptography (PQC) digital signature scheme defined in FIPS 204.

 COSE Receipts
 
 draft-ietf-cose-merkle-tree-proofs-14.txt
 Date: 11/05/2025
 Authors: Orie Steele, Henk Birkholz, Antoine Delignat-Lavaud, Cedric Fournet
 Working Group: CBOR Object Signing and Encryption (cose)
COSE (CBOR Object Signing and Encryption) Receipts prove properties of a verifiable data structure to a verifier. Verifiable data structures and associated proof types enable security properties, such as minimal disclosure, transparency and non-equivocation. Transparency helps maintain trust over time, and has been applied to certificates, end-to-end encrypted messaging systems, and supply chain security. This specification enables concise transparency-oriented systems by building on CBOR (Concise Binary Object Representation) and COSE. The extensibility of the approach is demonstrated by providing CBOR encodings for RFC 9162.

 COSE Header parameter for RFC 3161 Time-Stamp Tokens
 
 draft-ietf-cose-tsa-tst-header-parameter-06.txt
 Date: 12/06/2025
 Authors: Henk Birkholz, Thomas Fossati, Maik Riechert
 Working Group: CBOR Object Signing and Encryption (cose)
This document defines two CBOR Object Signing and Encryption (COSE) header parameters for incorporating RFC 3161-based timestamping into COSE message structures (COSE_Sign and COSE_Sign1). This enables the use of established RFC 3161 timestamping infrastructure in COSE-based protocols.

 COSE Hash Envelope
 
 draft-ietf-cose-hash-envelope-05.txt
 Date: 28/03/2025
 Authors: Orie Steele, Steve Lasker, Henk Birkholz
 Working Group: CBOR Object Signing and Encryption (cose)
This document defines new COSE header parameters for signaling a payload as an output of a hash function. This mechanism enables faster validation as access to the original payload is not required for signature validation. Additionally, hints of the detached payload's content format and availability are defined providing references to optional discovery mechanisms that can help to find original payload content.


CBOR Object Signing and Encryption (cose)

WG Name: CBOR Object Signing and Encryption
Acronym: cose
Area: Security Area (sec)
State: Active
Charter: charter-ietf-cose-04 Approved
Document dependencies
Additional resources: Issue tracker, Wiki, Zulip Stream
Personnel:
  Chairs: Ivaylo Petrov, Michael B. Jones
  Area Director: Paul Wouters
Mailing list:
  Address: cose@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/cose
  Archive: https://mailarchive.ietf.org/arch/browse/cose/
Chat:
  Room address: https://zulip.ietf.org/#narrow/stream/cose

Charter for Working Group

CBOR Object Signing and Encryption (COSE, RFC 9052) describes how to
create and process signatures, message authentication codes, and
encryption using Concise Binary Object Representation (CBOR, RFC 8949)
for serialization. COSE additionally describes a representation for
cryptographic keys.

The COSE working group handles four types of (intended status Standards Track) documents:

  1. Documents that describe the use of cryptographic algorithms in COSE.
  2. Documents that describe additional attributes for COSE.
  3. Documents that define header parameters to be used in COSE objects.
  4. Documents that define COSE key representations.

The WG will evaluate, and potentially adopt, documents dealing with algorithms
that would fit the criteria of being IETF consensus algorithms.
Potential candidates would include those algorithms that have been evaluated by
the CFRG and algorithms which have gone through a public review and evaluation
process such as was done for the NIST SHA-3 algorithms.

Key management and binding of keys to identities are out of scope for
the working group. The COSE WG will not innovate in terms of
cryptography. The specification of algorithms in COSE is limited to
those in RFCs, active CFRG or IETF WG documents, or algorithms which
have been positively reviewed by the CFRG.

Milestones

Date: Jan 2026
Milestone: One or more documents describing the proper use of algorithms.
Associated documents: draft-ietf-cose-hpke, draft-ietf-cose-dilithium, draft-ietf-cose-falcon, draft-ietf-cose-sphincs-plus

Date: Nov 2025
Milestone: A CBOR encoding of the certificate profile to the IESG
Associated documents: draft-ietf-cose-cbor-encoded-cert

Date: Jul 2025
Milestone: COSE header parameters for COSE objects that carry a payload that is an output of a hash function on an original payload to IESG
Associated documents: draft-ietf-cose-hash-envelope

Date: Jun 2025
Milestone: COSE header parameters for incorporating “COSE Receipts” into COSE objects to IESG
Associated documents: draft-ietf-cose-merkle-tree-proofs

Date: Jun 2025
Milestone: COSE header parameters for RFC 3161-based timestamping into COSE objects to IESG
Associated documents: draft-ietf-cose-tsa-tst-header-parameter