Archive for July, 2019

July 8, 2019
Security Event Token (SET) delivery specifications updated in preparation for IETF 105

IETF logoThe two Security Event Token (SET) delivery specifications have been updated to address working group feedback received, in preparation for discussions at IETF 105 in Montreal. Only minor terminological updates were made to the Push Delivery spec following the working group last call (WGLC) changes in the previous recent revisions. Thanks to Annabelle Backman for the edits to the Push Delivery spec.

The changes to the Poll Delivery spec further aligned it with the Push spec, referencing shared functionality, rather than duplicating it. I believe that the Poll spec is now ready for working group last call.

The specifications are available at:

HTML-formatted versions are also available at:

July 8, 2019
Refinements to COSE and JOSE Registrations for WebAuthn Algorithms

IETF logoThe “COSE and JOSE Registrations for WebAuthn Algorithms” specification has been updated to address feedback received since working group adoption. The one breaking change is changing the secp256k1 curve identifier for JOSE from “P-256K” to “secp256k1”, for reasons described by John Mattsson. The draft now also specifies that the SHA-256 hash function is to be used with “ES256K” signatures – a clarification due to Matt Palmer.

The specification is available at:

An HTML-formatted version is also available at: