> On May 18, 2017, at 20:27, Michael Richardson <[email protected]> wrote: > > > So, this proposes to use CBOR to "compress" JSON, preserving JWT/JOSE > signatures, rather than using CWT. I'm not sure what I think of this as yet.
My summary: JSCN is great if you actually *have* to process JOSE-signed/-encrypted material (such as JWTs) on a device on a constrained network. JSCN is more compact than pure JOSE. It does, however, carry all the complexity that JSON brings with it down to the device: You need to reconstruct actual JSON to generate the signing inputs. If the source of the protected material can be made constrained-aware, COSE and CWTs are the better choice. One of the objectives of the two-tier architecture of constrained/less-constrained devices is to keep as much of the business logic and complexity up in the less-constrained devices, which then provide simple, unambiguous instructions to the constrained devices. But even if you don’t have that architecture, in a new protocol you can avoid the complexity that would limit coverage of low-resource, low-energy devices. Grüße, Carsten _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
