ietf

Re: WG Review: CBOR Object Signing and Encryption (cose)

2015-05-22 14:02:07
I'd like to second Phil's concerns here.

A proliferation of security standards, even when there are levels of
interoperability between them, is problematic for interoperability.
The folks proposing JOSE were required to make a very strong
justification about why we needed something JSON-based in addition to
our existing security standards.
I believe they did that.

However, I don't think the constrained devices area has made a
justification explaining why

1) They need something different

2) They don't need interoperability with the rest of the world.

Even if constrained devices could benefit from a different encoding, if
they need interoperability, we still run into problems.  In the
discussions leading to DICE, ACE, and COAP, arguments were made that there
would be proxies between the rest of the world and the constrained
network, so it was acceptable that we used different protocols.
These arguments basically don't apply to object signing and encryption.

Based on the charter, this working group sounds like a really bad idea,
flying in the face of interoperability and the IETF's mission.
I do not support chartering this work.