Carsten Bormann <[email protected]> wrote:
joel> Another observation is that while our starting point has been to
joel> encode rfc7925 compliant certificates, we hope to make the proposal
joel> more future proof by allowing new algorithms also deemed suitable
joel> for constrained environments. With that target, we think it is
joel> possible to exclude RSA on the list of supported algorithms.
> Supported for what…
> The chain may still have RSA certificates in it.
exactly!
I think that the cost is just a single code point.
We are optimizing for network bandwidth, not CPU cycles.
Constrained "environments" isn't specific enough.
In particular, device IDevID or device LDevID, while maybe ECDSA on the
device, may have a chain that anchors up to some pre-existing CA
which can not for legacy reasons be ECDSA (yet).
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
