--- 1/draft-ietf-cose-webauthn-algorithms-05.txt	2020-05-13 18:13:04.461241285 -0700
+++ 2/draft-ietf-cose-webauthn-algorithms-06.txt	2020-05-13 18:13:04.489241993 -0700
@@ -1,18 +1,18 @@
 
 COSE Working Group                                              M. Jones
 Internet-Draft                                                 Microsoft
-Intended status: Standards Track                        January 29, 2020
-Expires: August 1, 2020
+Intended status: Standards Track                            May 13, 2020
+Expires: November 14, 2020
 
           COSE and JOSE Registrations for WebAuthn Algorithms
-                 draft-ietf-cose-webauthn-algorithms-05
+                 draft-ietf-cose-webauthn-algorithms-06
 
 Abstract
 
    The W3C Web Authentication (WebAuthn) specification and the FIDO
    Alliance Client to Authenticator Protocol (CTAP) specification use
    CBOR Object Signing and Encryption (COSE) algorithm identifiers.
    This specification registers the following algorithms in the IANA
    "COSE Algorithms" registry, which are used by WebAuthn and CTAP
    implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512,
    and SHA-1, and ECDSA using the secp256k1 curve and SHA-256.  It
@@ -31,21 +31,21 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at https://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on August 1, 2020.
+   This Internet-Draft will expire on November 14, 2020.
 
 Copyright Notice
 
    Copyright (c) 2020 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (https://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
@@ -80,29 +80,29 @@
    Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  12
    Document History  . . . . . . . . . . . . . . . . . . . . . . . .  12
    Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  13
 
 1.  Introduction
 
    This specification defines how to use several algorithms with CBOR
    Object Signing and Encryption (COSE) [RFC8152] that are used by
    implementations of the W3C Web Authentication (WebAuthn) [WebAuthn]
    and FIDO Alliance FIDO2 Client to Authenticator Protocol (CTAP)
-   [CTAP] specifications.  These specification registers these
-   algorithms in the IANA "COSE Algorithms" registry
-   [IANA.COSE.Algorithms] and registers an elliptic curve in the IANA
-   "COSE Elliptic Curves" registry [IANA.COSE.Curves].  This
-   specification also registers a corresponding algorithm for use with
-   JSON Object Signing and Encryption (JOSE) [RFC7515] in the IANA "JSON
-   Web Signature and Encryption Algorithms" registry
-   [IANA.JOSE.Algorithms] and registers an elliptic curve in the IANA
-   "JSON Web Key Elliptic Curve" registry [IANA.JOSE.Curves].
+   [CTAP] specifications.  This specification registers these algorithms
+   in the IANA "COSE Algorithms" registry [IANA.COSE.Algorithms] and
+   registers an elliptic curve in the IANA "COSE Elliptic Curves"
+   registry [IANA.COSE.Curves].  This specification also registers a
+   corresponding algorithm for use with JSON Object Signing and
+   Encryption (JOSE) [RFC7515] in the IANA "JSON Web Signature and
+   Encryption Algorithms" registry [IANA.JOSE.Algorithms] and registers
+   an elliptic curve in the IANA "JSON Web Key Elliptic Curve" registry
+   [IANA.JOSE.Curves].
 
 1.1.  Requirements Notation and Conventions
 
    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
    "OPTIONAL" in this document are to be interpreted as described in BCP
    14 [RFC2119] [RFC8174] when, and only when, they appear in all
    capitals, as shown here.
 
 2.  RSASSA-PKCS1-v1_5 Signature Algorithm
@@ -235,21 +235,21 @@
    generation method.
 
    The ECDSA secp256k1 SHA-256 algorithm specified in this document uses
    these identifiers:
 
    +----------+-------------------+----------------------+-------------+
    | JOSE Alg | COSE Alg Value    | Description          | Recommended |
    | Name     |                   |                      |             |
    +----------+-------------------+----------------------+-------------+
    | ES256K   | TBD (requested    | ECDSA using          | Yes         |
-   |          | assignment -46)   | secp256k1 curve and  |             |
+   |          | assignment -47)   | secp256k1 curve and  |             |
    |          |                   | SHA-256              |             |
    +----------+-------------------+----------------------+-------------+
 
                       Table 2: ECDSA Algorithm Values
 
    Implementation of this algorithm is recommended because of its
    widespread use in decentralized systems and those that chose it over
    the NIST curves.
 
    When using a JWK or COSE_Key for this algorithm, the following checks
@@ -315,21 +315,21 @@
    o  Reference: Section 2 of this document
    o  Recommended: No
 
    o  Name: RS1
    o  Value: TBD (temporary assignment -65535 already in place)
    o  Description: RSASSA-PKCS1-v1_5 using SHA-1
    o  Reference: Section 2 of this document
    o  Recommended: Deprecated
 
    o  Name: ES256K
-   o  Value: TBD (requested assignment -46)
+   o  Value: TBD (requested assignment -47)
    o  Description: ECDSA using secp256k1 curve and SHA-256
    o  Reference: Section 3.2 of this document
    o  Recommended: Yes
 
 4.2.  COSE Elliptic Curves Registrations
 
    This section registers the following value in the IANA "COSE Elliptic
    Curves" registry [IANA.COSE.Curves].
 
    o  Name: secp256k1
@@ -512,29 +512,37 @@
               Balfanz, D., Czeskis, A., Hodges, J., Jones, J., Jones,
               M., Kumar, A., Liao, A., Lindemann, R., and E. Lundberg,
               "Web Authentication: An API for accessing Public Key
               Credentials - Level 1", World Wide Web Consortium
               (W3C) Recommendation, March 2019,
               <https://www.w3.org/TR/2019/REC-webauthn-1-20190304/>.
 
 Acknowledgements
 
    Thanks to Stephen Farrell, John Fontana, Jeff Hodges, Kevin Jacobs,
-   J.C.  Jones, Benjamin Kaduk, Neil Madden, John Mattsson, Tony
-   Nadalin, Matt Palmer, Jim Schaad, Goeran Selander, Wendy Seltzer,
-   Sean Turner, and Samuel Weiler for their roles in registering these
-   algorithm identifiers.
+   J.C.  Jones, Benjamin Kaduk, Murray Kucherawy, Neil Madden, John
+   Mattsson, Tony Nadalin, Matt Palmer, Jim Schaad, Goeran Selander,
+   Wendy Seltzer, Sean Turner, and Samuel Weiler for their roles in
+   registering these algorithm identifiers.
 
 Document History
 
    [[ to be removed by the RFC Editor before publication as an RFC ]]
 
+   -06
+
+   o  Addressed Area Directory review comment by Murray Kucherawy (which
+      requested an editorial correction).
+
+   o  Changed requested assignment for ES256K from -46 to -47, due to an
+      assignment conflict.
+
    -05
 
    o  Removed unused reference to RFC 7049.
 
    -04
 
    o  Added explanatory comments on design decisions made that were
       discussed on the mailing list that Jim Schaad requested be added
       to the draft.