Not quite a WGLC review, but here's what a group of students had to say about draft-ietf-cose-msg-12.txt as part of a recent class assignment (with permission, excerpted and translated by yours truly).
(Please don't read this as a criticism of CMS, the students just happened to need to look at both CMS and COSE for the assignment.) My main point here is that the -msg draft indeed appears to be quite accessible for new people to acquaint themselves with COSE, and I'm happy to see that we seem to have achieved that. Grüße, Carsten ... The COSE draft provides current encryption algorithms and hashes (EdDSA, SHA-2, AES, ChaCha20/Poly1305, ECDH). It is prepared for the future by using IANA for defining and publishing identifiers for new algorithms, so that the relevant algorithms can all be found in one place. ... Since COSE is based on CBOR, some information can be expressed in a more compact and simple way [than with CMS]. A single CBOR parser can be used for all formats. In addition, all formats have a very similar structure that is sharing the header: an array containing two headers with meta information as well as a field for payloads and optional fields for signatures and recipients. COSE has been developed for the use on devices with constrained resources, so the parsing of the packets should use minimal time, energy and memory. ... [In comparing CMS and COSE:] There is no equivalent [in COSE] for the Digested-data Content Type [in CMS]. ... In reading the available source documents it became apparent that the COSE draft places a lot more attention on examples and howto's, making the draft much more readable. ASN.1 is getting in the way of understanding, CBOR is easier to understand. Also, there are no test vectors in the CMS RFCs we used. _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
