[COSE] "CBOR Certificates"
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 11 February 2021 21:39 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ECF43A0BA0 for <cose@ietfa.amsl.com>; Thu, 11 Feb 2021 13:39:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1x_SxzVm2xA for <cose@ietfa.amsl.com>; Thu, 11 Feb 2021 13:39:28 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A036B3A0B8F for <cose@ietf.org>; Thu, 11 Feb 2021 13:39:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 358FC38A5F for <cose@ietf.org>; Thu, 11 Feb 2021 16:42:48 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id UvsNIUQoxMoF for <cose@ietf.org>; Thu, 11 Feb 2021 16:42:47 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id CB9CA38A59 for <cose@ietf.org>; Thu, 11 Feb 2021 16:42:47 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id ABA2E320 for <cose@ietf.org>; Thu, 11 Feb 2021 16:39:24 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: cose@ietf.org
In-Reply-To: <d197e8c500c7f1b284c74f3d25985df845d722c2.camel@aisec.fraunhofer.de>
References: <5C2A6065-AC5E-4702-A94D-F72C85BD6DAC@ericsson.com> <452ddae14b19ac8a6b98cdbbb20edede@bbhmail.nl> <4c5a7de2-e855-3bb7-cc6d-abfaa86c09dd@ri.se> <d197e8c500c7f1b284c74f3d25985df845d722c2.camel@aisec.fraunhofer.de>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 11 Feb 2021 16:39:24 -0500
Message-ID: <2214.1613079564@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/Q47E3nUQyrvD0xvWH6D8ikVi8k0>
Subject: [COSE] "CBOR Certificates"
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Feb 2021 21:39:31 -0000
So, draft-mattsson-cose-cbor-cert-compress has in it's title: CBOR Encoding of X.509 Certificates (CBOR Certificates) Section 7 is: _Natively Signed CBOR Certificates_ and I strongly believe that we should remove this section, and the title. This is going to very confusing. And section 7 is not sufficient to really have native CBOR Certificates. It even says that it's an intermediate step. CBOR encoded X.509 certificates provides an intermediate step between [RFC7925] or [IEEE-802.1AR] profiled X.509 certificates and natively signed CBOR certificates: An implementation of CBOR encoded X.509 certificates contains both the CBOR encoding of the X.509 certificate and the signature operations sufficient for natively signed CBOR certificates. So if this document confuses people into thinking that this intermediate step are "CBOR Certificates", then when we actually do that (as LGL and others want to do with EAT), then there will be mass confusion. So, if that term could be struck from this otherwise excellent document on compressing PKIX certificates, that would be nice. (ps: I have some IDevID examples which I can share. I've been trying to compress them, but haven't done the OID compression that I need yet) -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [COSE] "CBOR Certificates" Michael Richardson
- Re: [COSE] "CBOR Certificates" Göran Selander
- Re: [COSE] "CBOR Certificates" John Mattsson
- Re: [COSE] "CBOR Certificates" Carsten Bormann
- Re: [COSE] "CBOR Certificates" John Mattsson
- Re: [COSE] "CBOR Certificates" Göran Selander
- Re: [COSE] "CBOR Certificates" Carsten Bormann
- Re: [COSE] "CBOR Certificates" Michael Richardson
- Re: [COSE] "CBOR Certificates" Carsten Bormann
- Re: [COSE] "CBOR Certificates" Michael Richardson
- Re: [COSE] "CBOR Certificates" John Mattsson
- Re: [COSE] "CBOR Certificates" Michael Richardson
- Re: [COSE] "CBOR Certificates" Carsten Bormann
- Re: [COSE] "CBOR Certificates" Laurence Lundblade