You shouldn't have your crypto designed by a CEO

Author of the original medium post here. I had simply never heard of COSE at the time of writing this. There was no conspiracy to bury the spec.<p>There are a bunch of vague accusations that I&#x27;m trying to profit or rent seek off of one of the specs I did write about. I didn&#x27;t create and I don&#x27;t maintain any of those. I also wouldn&#x27;t trust any crypto designed by myself.<p>The original context for writing this post was discussions around using JOSE in the context of signing container images [1]. I was against it and preferred something simpler.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;notaryproject&#x2F;notaryproject&#x2F;pull&#x2F;93" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;notaryproject&#x2F;notaryproject&#x2F;pull&#x2F;93</a>

In the spirit of nand-gate: &quot;An IETF[1] is angry and shocked that an internet does not want to use their crypto dumpsterfire&quot;<p>Case in point, the mentioned COSE format makes signatures by defining protected and unprotected attributes of the payload and then computing signatures over the Canonical CBOR encoding of the protected attributes. All this is done so that you can have parts inside your payload that can be changed without invaliding the signature, and it of course requires two-phase canonicalization. Yes, PASETO is absolutely, unequivocally a better choice than J&#x2F;COSE.<p>Sign. The. Goddarn. Bytes.<p>[1] Actually not just any IETF but the dude who made an incompatible fork of msgpack named after himself.

Maybe I just talk with a weird subset of cryptography engineers, but I&#x27;d have trouble finding any that think JOSE (or &quot;COSE&quot;) is a good message signing format. The argument that people should use JOSE or COSE simply because they&#x27;re standards is, of course, risible; the track record on IETF cryptography standards is miserable. I&#x27;m not sure why this person&#x27;s random mailing list comment merits this kind of attention, but if you need to hear another person&#x27;s response to it, sure, here it is: &quot;no&quot;.

This reads as a bizarre salty rant that othes aren’t using an IETF draft spec (CBOR&#x2F;COSE) that the author is personally working on. [1]<p>Edit: and as another commenter here points out, it is really an incompatible derivative of msgpack named after himself (CBOR; Carsten Bormann). LOL<p>[1] <a href="https:&#x2F;&#x2F;www.rfc-editor.org&#x2F;rfc&#x2F;rfc8949.html" rel="nofollow">https:&#x2F;&#x2F;www.rfc-editor.org&#x2F;rfc&#x2F;rfc8949.html</a>

Maybe there’s context I’m missing here - my only context is as a (reluctant) user of JWT, but I don’t see how the opening claim is substantiated:<p>&gt; But I can’t help seeing a whole little industry creep up that is interested in creating alternative building blocks that appear to be of interest to the creators so they can attain control over them and perform rent seeking from that control.<p>So someone wrote an article that was negative on JOSE&#x2F;JWT, and is now starting a company, which seems to have little to do with PASETO or JWT. So what? Where is the rent seeking?<p>Maybe I’m missing the bigger picture, as is sometimes the case when a post intended for an audience who are members of a mailing list shows up here without more context. But as it is it just reads like a jealous rant.

I think CBOR could be one of the reasons why WebAuthn unfortunately hasn’t gained more popularity. Would have been much easier for all parties if they would have simply used JSON and base64 or hex to encode&#x2F;decode binary data.<p>I implemented the server side of WebAuthn from scratch, and CBOR felt unnecessary, the added value of encoding binary data slightly more efficient seems a small win, given the small data size transmitted&#x2F;received in a WebAuthn authentication.

”What if crypto was as convenient as IPv6”

Dan&#x27;s team and Google has worked with our team on implementation of the DSSE spec, see <a href="https:&#x2F;&#x2F;github.com&#x2F;sigstore&#x2F;rekor&#x2F;pull&#x2F;596" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;sigstore&#x2F;rekor&#x2F;pull&#x2F;596</a>.<p>I really don&#x27;t understand the rent seeking argument. It is made completely without basis.<p>However, I&#x27;d love to see the IETF author contribute a COSE type to rekor and show how it is better than DSSE for attestations.

Can I get a simple explanation? Who is this person? What is JOSE? What is COSE? What is JWS? What is JWT? Does &quot;crypto&quot; here stand for &quot;cryptography&quot; or &quot;cryptocurrency&quot;? Why is this person angry?

While I can&#x27;t comment on the specific case or tech, and there are better examples than the one mentioned here, the criticism of companies trying to insert themselves into the building blocks of standards as a rent seeking strategy, especiallly when it comes to signing things, must absolutely be annoying.<p>I&#x27;ve been drawn into discussions about alternative security techs like white box cryptography, physically unique functions (PUFs), a variety of novel payments and data privacy technologies, and perhaps ironically, some very-uniquely sensible applications of blockchain based protocols compared to those other things.<p>I think we could put a lot of the hustles to bed if from a product and investment perspective we used the razor that betting you can outsmart your customers or market and seize some rent collecting thread in it by becoming &quot;the standard&quot; is a poor product strategy. Having your technology mandated isn&#x27;t a product, since a standard isn&#x27;t anything someone wants, it&#x27;s what they <i>must</i> use. This makes it an anti-product.<p>I have seen it with certain archetype (not referencing parties here) who think they have companies and products because they have a proof of some assertion, pedigree, and credentials, and therefore you must invest with or buy from them, because they are right, and the alternative is to not be aligned to their beliefs, which raises the question of where specifically your PhD in the field is from and whether you are even qualified to decline their offer, which is to imply - you&#x27;re stupid, and you should give them your money thank them for not exposing your ignorance. &quot;Fund this or risk humiliation,&quot; must work in institutions, but it&#x27;s not a product, which means it&#x27;s not going to get traction, and without that user traction, it&#x27;s not going to register as a candidate for a standards track.<p>In some very ancient words, &quot;nothing forced is beautiful.&quot; Not referencing the parties to the original discussion specifically, but I wanted to say there is a sympathetic case to be made for the tension between standards bodies and other chancers using all kinds of institutional shenanigans to have a go at them, and perhaps this underlying dynamic is the source of the frustration that bubbles up and was expressed in the post.

Funnily due to the position of power the CEO (or CTO) had anything designed by CEO (or CTO) is often in a bad situation wrt. Critic, changes etc.

Coinflip chance whether this is cryptography, or cryptocurrency, these days!

We should be more careful with the word &quot;crypto&quot; since these days it&#x27;s mostly a synonym for &quot;crypto-currency.&quot;<p>I had to read the article to verify that this is not the case here.