COSE (CBOR Object Signing and Encryption) Receipts
draft-ietf-cose-merkle-tree-proofs-17

[Ballot comment]
In Section 2, I don't understand the "introduces a new Section..." language. This reads as if updating an existing RFC to add new sections to it, but the links are to sections in this document. Those sections establish new registries; should this say "a new registry (see Section ...) that contains..."?

The notation used in Section 4.1 ("EC2 keys (1: 2)") probably warrants a bit more explanation. By parallel with the "(TBD_1 : 1)" below, I presume that it should be read "When COSE header parameter 1 is set to the value 2..."?

Section 5.2.1 appears to contain guidance to future VDS definitions, but Section 5 is intended to be a definition of one specific VDS as well as an exemplar of how to do such a definition. That guidance might be better placed elsewhere and let Section 5 focus on this specific VDS. Note also that the recommended behavior (making payloads detatched) is then carried out a few paragraphs later along with a duplicative explanation of why that needs to be done.

As Ralph Merkle (inventor of the Merkle tree) is a person, "Merkle" should be capitalized throughout.

===NITS FOLLOW===

Section 1, "proves" => "proofs"?
Section 4.2, "merkle tree based" => "Merkle-tree-based"
Section 4.3, "this Receipts" should probably be "these Receipts" or simply "Receipts"
Section 4.3, "verifiable data structure specific" => "verifiable-data-structure-specific"
Section 4.3.1, "an IANA registration must be made for each individually supported algorithm" => "a separate IANA registration must be made for each supported algorithm"

[Ballot comment]
I have no transport-related observations.

Please consider the following comments when revising this document:
---
Introduction:
  COSE Receipts can include proves that a
  document is in a database (proof of inclusion)
- Is this correct: /proves/ ? is this /proofs/?
- or ... /can prove that a.../
---
/increase burden for implementers/
- insert /the/ before /burden/?
---
/which corresponds to the log/
- could be /that corresponds to the log/
---
/It is recommended
  that implementations return a single boolean result for Receipt verification operations.../
- Please check, whether this ought to be a normative RECOMMENDED?
---
and does /merkle tree/ have a capital 'M' or 'M' and 'T'?
---

[Ballot comment]
Thanks to Charlie Kaufman for their secdir review (his nits still exist in the draft, btw).

Section 4.1, 8.2.2:  I don't love the fact that the registry called 'COSE Verifiable Data Structures' is actually an algorithm registry - super confusing.  Moreover, the description in the registration template in Section 8.2.2 says nothing about algorithms.  In section 4.1, there is a sentence that calls it 'a registry of verifiable data structure algorithms'.  Can we change the name of the registry to that? 

Section 7:  While I think it is probably too early for this, it might be wise to have a post quantum section here warning of an eventual shift in algorithms.  Depending on how long the proofs and receipts are expected to be valid will determine how soon an algorithm migration should be considered.  I would be happy to help write it if that is helpful.  Note:  I would expect that this includes both the hash (currently only SHA-2 256 is registered) and the signatures.

Authors:  A nit...  Will Orie change his contact details before publication?  Seems like it might be better in the long run.

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-cose-merkle-tree-proofs-14
CC @evyncke

Thank you for the work put into this document. While the introduction is easy to read, the rest of the document is less easy though.

Please find below some non-blocking COMMENT points/nits (replies would be appreciated even if only for my own education).

Special thanks to Ivaylo Petrov for the shepherd's write-up including the WG consensus *and* the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric


## COMMENTS (non-blocking)

### Section 4.1

For a non-expert reader, ` EC2 keys (1: 2)` is basically meaningless especially `(1: 2)`.

### Section 4.2

`Security analysis SHOULD be conducted` why not a "MUST" and it a "SHOULD", then explain why and when the "SHOULD" can be bypassed.

### Section 4.3

Should it be "TBD_0" in `This document registered a new COSE Header Parameter receipts (394)` ? Also in Figure 1.

Is Figure 2 just an example or normative ? If example (as I guess), then clearly label it as 'example' in the caption and in the leading text.

### Section 5.2.1

Please replace 395 & co with TBC_* (not repeating this further).

### Section 6

Sometimes it is better to state the obvious and state that the privacy considerations of the 2 RFCs also apply to this document.

### Section 9

It is obviously up to the authors, but should there be a section about "Contributors" rather than writing `for their contributions (some of which substantial)` ?

## NITS (non-blocking / cosmetic)

### Capitalization of Merkle

There is at least one `merkle tree`, i.e., missing the capitalisation...

[Ballot comment]
Thank you to Linda Dunbar for the GENART review.

** Section 2.  Editorial.
    Correspondingly, this
      document introduces a new Section 8.2.2 that registers the
      integers used to identify verifiable data structures.

What does it mean to introduce a “new Section 8.2.2” per the write-up of TBD_1?  Maybe:

NEW
Correspondingly, this document introduces a new registry (see Section 8.2.2) that registers the identifiers used to identify verifiable data structures.
Same recommendation for TBD_2.

** Section 4.2.  Table 2.  Shouldn’t the values provided in the reference column also include an RFC in addition to the section numbers?

** Section 4.2
  Security analysis SHOULD be
  conducted prior to migrating to new structures to ensure the new
  security and privacy assumptions are acceptable for the use case

-- The situation where one is migrating between new structures isn’t sufficiently described

-- When would security analysis NOT be appropriate (as a SHOULD is used)?  Perhaps it might be better to use a lower case “should”.

** Section 5.1
5.1.  Verifiable Data Structure

  The integer identifier for this Verifiable Data Structure is 1.  The
  string identifier for this Verifiable Data Structure is
  "RFC9162_SHA256".  See Table 1.  See [RFC9162], 2.1.1.  Definition of
  the Merkle Tree, for a complete description of this verifiable data
  structure.

Should the text explicitly say (what is obvious from string identifier), that RFC9162_SHA256 is a Merkle Tree where SHA256 is used as the hash algorithm?

** Section 5.2.
  The term leaf-index is used for alignment with the use established in
  [RFC9162]
  Note that [RFC9162] defines that verification MUST fail if leaf-index
  is >= tree-size, and inclusion proofs are defined only for leaf
  nodes.  The identifying index of a leaf node is relative to all nodes
  in the tree size for which the proof was obtained.

Perhaps be clear that the term is “leaf_index” in Section 2.1.3.1 of RFC9162.

** Section 7
  See the security considerations section of:
  *  [RFC9162]
  *  [RFC9053]

-- Is this text saying that the security considerations of these two RFCs apply?

-- The Security Considerations of RFC9162 seems to have significant guidance related to CT.  Is there only a particular part of RFC9162’s Security Considerations which applies?

** Section 7.1
  A security analysis MUST be performed to ensure that the digital
  signature algorithm alg has the appropriate strength to secure
  receipts.

Is “MUST” the appropriate guidance here since an interoperable way to do “security analysis” on the appropriate strength isn’t clear?

[Ballot comment]
Hi Orie, Henk, Antoine, and Cédric,

Thanks for the effort put into this specification.

Please find some comments below:

# CDDL is normative

Please move to RFC8610 to be listed a normative.

# Normative language

Overall, the use of the normative language seems inconsistent, especially for the implementation behavior. Examples that triggered my comments are:

  It is recommended
  that implementations return a single boolean result for Receipt
  verification operations, to reduce the chance of accepting a valid
  signature over an invalid inclusion proof.

Or

  It is recommended to select signature algorithms that share
  cryptographic components with the verifiable data structure used,

And similar ones.

Also, some clarity about object construction/verification behaviors vs. those related to actual use would be helpful.

# Implementers or users?

CURRENT:
  Implementers should not expect interoperability across
  "verifiable data structures", but they should expect conceptually
  similar properties across the different registered proof types.  For
  example, 2 different merkle tree based verifiable data structures
  might both support proofs of inclusion.

The first sentence in particular smells more relevant for actual use rather than design phase/implementers? Maybe I’m missing the point this text tries to make.

Also, not sure what are the concrete implications of the interoperability mentioned here.

# Why this isn’t a MUST?

CURRENT (4.2):
  Security analysis SHOULD be
  conducted prior to migrating to new structures to ensure the new
  security and privacy assumptions are acceptable for the use case.

# Check

CURRENT (4.3):
  When the receipts header parameter is present, the associated
  verifiable data structure and verifiable data structure proofs MUST
  match entries present in the registries established in this
  specification.

I guess you don’t imply the check should be against the initial values established by this doc, but also future registered values are covered. I suggest to make that more clear and consider this change:

NEW:
  When the receipts header parameter is present, the associated
  verifiable data structure and verifiable data structure proofs MUST
  match entries present in the registries [IANA_URL].

BTW, which entity is required to do the analysis?

Idem for which entity (user, implementer, verifier, etc.) is targeted by:

  A privacy analysis MUST be
  performed for all mandatory fields in profiles based on this
  specification.

And

  A security analysis MUST be performed to ensure that the digital
  signature algorithm alg has the appropriate strength to secure
  receipts.

# Each specification?

CURRENT:
  Each specification MUST define how to encode the verifiable data
  ^^^^^^^^^^^^^^^^^^
  structure identifier and its proof types in CBOR.  Each specification
                                                      ^^^^^^^^^^^^^^^^^^
  MUST define how to produce and consume the supported proof types.
  See Section 5 as an example.

Not sure to understand what is referred to by “Each specification” here.

# Payloads

Section 5.2.1 says:

  Specifications are
  encouraged to make payloads detached when possible, forcing
                                      ^^^^^^^^^^^^^^
  validation-time comparison. 

and then

  The payload SHOULD be detached. 

What are the implications if this is not the case?

# IANA Registries & Hidden Required IANA  Actions

CURRENT:
  IANA established the COSE Verifiable Data Structures and COSE
  Verifiable Data Structure Proofs registries under a Specification
  Required policy as described in [RFC8126].

I failed to find these. Can we please have pointers to where those are defined?

Also, Section 4.1 says:

  This document establishes a registry of verifiable data structure
  algorithms, with the following initial contents:

Idem, Section 4.2 states:
  This document establishes a registry of verifiable data structure
  algorithms, with the following initial contents:

which seems a hidden IANA actions. Not sure, why these contents are not part of the IANA section, though.

# Nits

## Title: Please expand COSE in the title.

## Abstract should be self-contained

s/RFC 9162/“Certificate Transparency Version 2.0” (RFC 9162)

## Section 2

* s/ore more COSE Receipts/or more COSE Receipts

* s/a new Section 8.2.2/ a new registry (Section 8.2.2)

* s/a new Section 8.2.3/ a new registry (Section 8.2.3)

## Section 4.1

OLD:
  +================+=======+===========================+===========+
  | Name          | Value | Description              | Reference |
  +================+=======+===========================+===========+
  | Reserved      | 0    | Reserved                  | Reserved  |

NEW:
  +================+=======+===========================+===========+
  | Name          | Value | Description              | Reference |
  +================+=======+===========================+===========+
  | Reserved      | 0    | Reserved                  |THIS_DOCUMENT |

## Section 4.2

Please fix the following

CURRENT:
  as EC2 keys (1: 2) keys 

## Section 4.3

* s/This document registered/ This document registers

* Which receipt/receipts are we referring to?

CURRENT:
  to enable this Receipts to be conveyed in the protected and
            ^^^^ ^      ^
  unprotected headers of COSE Objects.

Also, check the singular/plural use.

*

OLD: The specific structure of COSE Receipts are dependent

NEW: The specific structure of COSE Receipts is dependent

## Section 5.2

(1) CURRENT:

  Note that [RFC9162] defines that verification MUST fail if leaf-index
  is >= tree-size, and inclusion proofs are defined only for leaf
  nodes. 

May format this as a quote to insist this is not a NEW behavior.

(2) s/verifiers applies/verifier applies 

Cheers,
Med

Small fix suggested in https://github.com/cose-wg/draft-ietf-cose-merkle-tree-proofs/pull/53 (I realize maybe the last bullet point in my last mail was not clear): this reverts a change that was not necessary IMO, but adds the Value Registry field in the table as previously requested.

Everything else is good.

IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-cose-merkle-tree-proofs-13. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are three actions which we must complete.

First, in the COSE Header Parameters registry in the CBOR Object Signing and Encryption (COSE) registry group located at:

https://www.iana.org/assignments/cose/

three new registrations are to be made as follows:

Name: receipts
Label: [ TBD-at-Registration ]
Value Type: array
Description: Priority ordered sequence of CBOR encoded Receipts
Reference: [ RFC-to-be; Section 2]

Name: vds
Label: [ TBD-at-Registration ]
Value Type: int
Description: Algorithm identifier for COSE Verifiable Data Structures, used to produce COSE Verifiable Data Structure Proofs
Reference: [ RFC-to-be; Section 2]

Name: vdp
Label: [ TBD-at-Registration ]
Value Type: map
Description: Map key for COSE Verifiable Data Structure Proofs in COSE Header Parameters
Reference: [ RFC-to-be; Section ]

IANA notes that the authors have suggested values for the labels for these registrations (394, 395, 396).

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated the required Expert Review via a separate request (we also note that these registrations are pending early allocation). This review must be completed before the document's IANA state can be changed to "IANA OK."

Second, a new registry is to be created called the COSE Verifiable Data Structures registry. The new registry will be located in the CBOR Object Signing and Encryption (COSE) registry group located at:

https://www.iana.org/assignments/cose/

The registration policy for the new registry is Specification Required as defined in [RFC8126]. There are initial registrations in the new registry as follows:

Name Value Description Reference
------+----+-----------+----------
Reserved 0 Reserved
RFC9162_SHA256 1 SHA256 Binary Merkle Tree [RFC9162]

Third, a new registry is to be created called the COSE Verifiable Data Structure Proofs registry. The new registry will be located in the CBOR Object Signing and Encryption (COSE) registry group located at:

https://www.iana.org/assignments/cose/

The registration policy for the new registry is Specification Required as defined in [RFC8126]. There are initial registrations in the new registry as follows:

Verifiable Data Structure Name Label CBOR Type Description Reference
-------------------------+-----+----+------------+----------+-----------
1 inclusion proofs -1 array (of bstr) Proof of inclusion [ RFC-to-be; Section 5.2]
1 consistency proofs -2 array (of bstr) Proof of append only property [ RFC-to-be; Section 5.3]

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist

The following Last Call announcement was sent out (ends 2025-05-13):

From: The IESG
To: IETF-Announce
CC: cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-merkle-tree-proofs@ietf.org, ivaylopetrov@google.com, paul.wouters@aiven.io
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (COSE Receipts) to Proposed Standard


The IESG has received a request from the CBOR Object Signing and Encryption
WG (cose) to consider the following document: - 'COSE Receipts'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2025-05-13. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  COSE (CBOR Object Signing and Encryption) Receipts prove properties
  of a verifiable data structure to a verifier.  Verifiable data
  structures and associated proof types enable security properties,
  such as minimal disclosure, transparency and non-equivocation.
  Transparency helps maintain trust over time, and has been applied to
  certificates, end to end encrypted messaging systems, and supply
  chain security.  This specification enables concise transparency
  oriented systems, by building on CBOR (Concise Binary Object
  Representation) and COSE.  The extensibility of the approach is
  demonstrated by providing CBOR encodings for RFC9162.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-cose-merkle-tree-proofs/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/6609/



The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc9162: Certificate Transparency Version 2.0 (Experimental - Internet Engineering Task Force (IETF) stream)

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

  It reached broad agreement.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

  There was nothing particularly controversial.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

  No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

  Yes, there are at least 3 implementations as far as I am aware. It was reported that on -05 some of them have successfully tested interoperability, but I do not know if that has been done for -07.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

  This document is relevant for SCITT and people from the SCITT working group have reviewed it.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

  IANA reviews have not yet taken place and I don’t believe any other type of review is necessary.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

  The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

  CDDL has been checked in a previous version.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

  Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

    I am unaware of such issues in this document.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

    Proposed Standard is being requested. The specification normatively describes
how to convey verifiable data structure and associated verifiable data structure proofs types in unified COSE envelopes. Therefore, I believe this is the correct document type.


12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

    One of the authors have initially indicated that the IPR disclosed in https://datatracker.ietf.org/ipr/6609/ should be relevant for this draft. Later they updated their statement and filed https://datatracker.ietf.org/ipr/6621/ stating that it should not apply based on further discussions with their lawyer: https://mailarchive.ietf.org/arch/msg/cose/uaXAo7zsnFg1XHOq1xoIKUR6ah8/.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

    Yes.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

    I'm not aware of nits.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

    All the references are appropriately categorized.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

    None.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.
   
    - There are (appropriate and necessary) normative references to an informational RFC: "CBOR Object Signing and Encryption (COSE): Initial Algorithms" [RFC 9053].
    - RFC 9162 has experimental status and therefore also constitutes a downref.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

    No

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

    No

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

    The IANA actions are clearly described and appropriate.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

    New IANA registries:
    - COSE Verifiable Data Structures
    - COSE Verifiable Data Structure Parameters
    I believe that the instructions for the Designated Expert are clear.


[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

  It reached broad agreement.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

  There was nothing particularly controversial.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

  No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

  Yes, there are at least 3 implementations as far as I am aware. It was reported that on -05 some of them have successfully tested interoperability, but I do not know if that has been done for -07.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

  This document is relevant for SCITT and people from the SCITT working group have reviewed it.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

  IANA reviews have not yet taken place and I don’t believe any other type of review is necessary.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

  The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

  CDDL has been checked in a previous version.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

  Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

    I am unaware of such issues in this document.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

    Proposed Standard is being requested. The specification normatively describes
how to convey verifiable data structure and associated verifiable data structure proofs types in unified COSE envelopes. Therefore, I believe this is the correct document type.


12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

    One of the authors have initially indicated that the IPR disclosed in https://datatracker.ietf.org/ipr/6609/ should be relevant for this draft. Later they updated their statement and filed https://datatracker.ietf.org/ipr/6621/ stating that it should not apply based on further discussions with their lawyer: https://mailarchive.ietf.org/arch/msg/cose/uaXAo7zsnFg1XHOq1xoIKUR6ah8/.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

    Yes.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

    I'm not aware of nits.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

    All the references are appropriately categorized.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

    None.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.
   
    - There are (appropriate and necessary) normative references to an informational RFC: "CBOR Object Signing and Encryption (COSE): Initial Algorithms" [RFC 9053].
    - RFC 9162 has experimental status and therefore also constitutes a downref.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

    No

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

    No

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

    The IANA actions are clearly described and appropriate.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

    New IANA registries:
    - COSE Verifiable Data Structures
    - COSE Verifiable Data Structure Parameters
    I believe that the instructions for the Designated Expert are clear.


[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/

# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

  It reached broad agreement.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

  There was nothing particularly controversial.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

  No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

  Yes, there are at least 3 implementations as far as I am aware. It was reported that on -05 some of them have successfully tested interoperability, but I do not know if that has been done for -07.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

  This document is relevant for SCITT and people from the SCITT working group have reviewed it.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

  IANA reviews have not yet taken place and I don’t believe any other type of review is necessary.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

  The document does not contain a YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

  CDDL has been checked in a previous version.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

  Yes.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

    I am unaware of such issues in this document.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

    Proposed Standard is being requested. The specification normatively describes
how to convey verifiable data structure and associated verifiable data structure proofs types in unified COSE envelopes. Therefore, I believe this is the correct document type.


12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

    The authors were aware of one IPR that might be relevant and have disclosed the relevant information in https://datatracker.ietf.org/ipr/6609/.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

    Yes.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

    I'm not aware of nits.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

    All the references are appropriately categorized.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

    None.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.
   
    - There are (appropriate and necessary) normative references to an informational RFC: "CBOR Object Signing and Encryption (COSE): Initial Algorithms" [RFC 9053].
    - RFC 9162 has experimental status and therefore also constitutes a downref.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

    No

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

    No

20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

    The IANA actions are clearly described and appropriate.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

    New IANA registries:
    - COSE Verifiable Data Structures
    - COSE Verifiable Data Structure Parameters
    I believe that the instructions for the Designated Expert are clear.


[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/