Carsten Bormann <[email protected]> wrote: >> So, this proposes to use CBOR to "compress" JSON, preserving JWT/JOSE >> signatures, rather than using CWT. I'm not sure what I think of this as yet.
> My summary: JSCN is great if you actually *have* to process
> JOSE-signed/-encrypted material (such as JWTs) on a device on a
> constrained network. JSCN is more compact than pure JOSE. It does,
> however, carry all the complexity that JSON brings with it down to the
> device: You need to reconstruct actual JSON to generate the signing
> inputs.
Agreed.
> If the source of the protected material can be made constrained-aware,
> COSE and CWTs are the better choice. One of the objectives of the
> two-tier architecture of constrained/less-constrained devices is to
> keep as much of the business logic and complexity up in the
> less-constrained devices, which then provide simple, unambiguous
> instructions to the constrained devices. But even if you don’t have
> that architecture, in a new protocol you can avoid the complexity that
> would limit coverage of low-resource, low-energy devices.
I agree. I see it easier to teach non-constrained devices new tricks.
I'm not convinced we can use any of the deployed JOSE infrastructure
*completely* unchanged, so as long as changes are needed...
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
