{removing anima-bootstrap, since the chairs asked we close that list}
Max Pritikin (pritikin) <[email protected]> wrote:
> QUESTION FOR THE WORKING GROUP: What is your position? Why?
I favour JWT over PKCS7.
If we get to CWT.
> b) I’ve added the x5c header to the JWS. This is used to carry the
> certificate chain of the signer. Our current voucher format indicates
> PKCS7 which supports an equivalent field called “CertificateSet
It looks dumb to have a base64 field inside a JSON structure, which is then
going to be base64 encoded to be signed. For those thinking about further
constrained devices and CBOR, that duplicate encoding goes away.
> As per JWT RFC7519 this is what it looks like after URL-safe
> encoding. You can see that now the signature is included (look to the
> second to last line to see the second “.” followed by a valid
> signature):
As we are not carrying this in a URL, it was always a bit unclear to me if
there is some savings we can get. Can we avoid the base64 encoded outside
if we are on an 8-bit clean HTTPS content-type. Or does it even matter?
> Here is an equivalent PKCS7 voucher via asn1 dump. You’d have to look
> at the binary if you really want to decode it. This voucher was
> generated by MCR during the hackathon:
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
