[COSE] Re: I-D Action: draft-ietf-cose-cbor-encoded-cert-20.txt

Göran Selander <goran.selander@ericsson.com> Tue, 30 June 2026 08:28 UTC

From: Göran Selander <goran.selander@ericsson.com>
To: "cose@ietf.org" <cose@ietf.org>, "i-d-announce@ietf.org" <i-d-announce@ietf.org>
Date: Tue, 30 Jun 2026 08:28:34 +0000
CC: "cose@ietf.org" <cose@ietf.org>
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/6ZIhTLte_org2dXmazFaUrrLd7s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose>

Hi,

We have made a small update to C509 following the IESG review.


The details are in #393 <https://github.com/cose-wg/CBOR-certificates/issues/393>, #394 <https://github.com/cose-wg/CBOR-certificates/issues/394>, #395 <https://github.com/cose-wg/CBOR-certificates/issues/395>; here is a summary:

* C509CertData (or an array of C509CertData) is the object being transported, and it is now defined as the byte string wrapped array C509Certificate, rather than byte string wrapped CBOR sequence ~C509Certificate. This is a simplification and a harmonization with existing definitions such as C509CertificationRequest and things yet to be defined such as C509CRL. Consequently, the C509 certificate hash is calculated over the array instead of the CBOR sequence, thereby avoiding the need to handle ~C509Certificate.

* Added array wrapping to the test vectors.

* Alignment with RFC 9360. Changing the definition of application/cose-c509-cert and using the name "application/cose-c509" to mean what application/cose-c509-cert used to mean. In this way the definitions of COSE headers c5u and c5u-sender become analogous to x5u and x5u-sender.

* Added structured suffix "+cbor" to all media types (thanks Brian!).

* Fixed bug in "Statement of Possession of a Private Key" attribute where the 'cert' field that previously contained C509Certificate is now replaced with C509CertData, thus allowing handling of certificate data without CBOR parsing.


Göran

From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Date: Tuesday, 30 June 2026 at 10:23
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: cose@ietf.org <cose@ietf.org>
Subject: [COSE] I-D Action: draft-ietf-cose-cbor-encoded-cert-20.txt

Internet-Draft draft-ietf-cose-cbor-encoded-cert-20.txt is now available. It
is a work item of the CBOR Object Signing and Encryption (COSE) WG of the
IETF.

   Title:   CBOR Encoded X.509 Certificates (C509 Certificates)
   Authors: John Preuß Mattsson
            Göran Selander
            Shahid Raza
            Joel Höglund
            Martin Furuhed
            Lijun Liao
   Name:    draft-ietf-cose-cbor-encoded-cert-20.txt
   Pages:   98
   Dates:   2026-06-30

Abstract:

   This document specifies a CBOR encoding of X.509 certificates.  The
   resulting certificates are called C509 certificates.  The CBOR
   encoding supports a large subset of RFC 5280 and common certificate
   profiles, and it is extensible.

   Two types of C509 certificates are defined.  One type is an
   invertible CBOR re-encoding of DER-encoded X.509 certificates with
   the signature field copied from the DER encoding.  The other type is
   identical except that the signature is computed over the CBOR
   encoding instead of the DER encoding, thereby avoiding the use of
   ASN.1.  Both types of certificates have the same semantics as X.509
   while providing comparable size reduction.

   This document also specifies CBOR-encoded data structures for
   certification requests and certification request templates, new COSE
   headers, as well as a TLS certificate type and a file format for
   C509.  This document updates RFC 6698 by extending the TLSA selectors
   registry to include C509 certificates.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-20.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-cose-cbor-encoded-cert-20

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

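
An added illustration of the first summary bullet in the message above (not code from the draft or its authors): the same fields wrapped the earlier way, as a byte string around a CBOR sequence, and the new way, as a byte string around the array, with the hash taken over the wrapped bytes. The field values are constructed placeholders rather than a valid C509 certificate, the function names are hypothetical, and SHA-256 is an assumption of this example.

```python
import hashlib

def head(major: int, n: int) -> bytes:
    """CBOR initial byte plus shortest-form argument (RFC 8949, section 3)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def enc(item) -> bytes:
    """Encode the small subset of CBOR used here: int, bstr, tstr, array."""
    if isinstance(item, int):
        return head(0, item) if item >= 0 else head(1, -1 - item)
    if isinstance(item, bytes):
        return head(2, len(item)) + item
    if isinstance(item, str):
        return head(3, len(item.encode())) + item.encode()
    if isinstance(item, list):
        return head(4, len(item)) + b"".join(enc(x) for x in item)
    raise TypeError(type(item))

# Constructed placeholder fields, NOT a valid C509 certificate.
FIELDS = [3, b"\x01\xf5\x0d", "constructed issuer", 1700000000, b"\xaa" * 8]

def certdata_old(fields: list) -> bytes:
    """Earlier shape: byte string wrapping the CBOR sequence of the fields."""
    return enc(b"".join(enc(f) for f in fields))

def certdata_new(fields: list) -> bytes:
    """New shape: byte string wrapping the array itself."""
    return enc(enc(fields))

def bstr_content(data: bytes) -> bytes:
    """Strip the byte string head only; the content is never parsed."""
    if not data or data[0] >> 5 != 2:
        raise ValueError("not a CBOR byte string")
    ai = data[0] & 0x1F
    if ai > 27:
        raise ValueError("indefinite or reserved length")
    off = 1 if ai < 24 else 1 + (1 << (ai - 24))
    n = ai if ai < 24 else int.from_bytes(data[1:off], "big")
    if len(data) != off + n:
        raise ValueError("truncated or trailing bytes")
    return data[off:]

def cert_hash(certdata: bytes) -> bytes:
    """Digest over the wrapped bytes; SHA-256 is an assumption of this example."""
    return hashlib.sha256(bstr_content(certdata)).digest()
```

The two wrapped payloads differ only by the leading array head byte, so a digest computed under the earlier definition does not match one computed under the new one.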