Hi! A reply and a comment below:
On Wed, 22 Jul 2020 at 13:12, Carsten Bormann <[email protected]> wrote:

> Hi Joel,
>
> > Michael, to quickly reply to your explicit question: the new draft was
> > posted before the IETF 108 deadline on 2020-07-13, which is also before the
> > expiry dates of the three different drafts that are now combined. (
> > https://datatracker.ietf.org/doc/draft-mattsson-cose-cbor-cert-compress/ )
>
> That draft says in
> https://datatracker.ietf.org/doc/draft-mattsson-cose-cbor-cert-compress/
> that it Replaces draft-raza-ace-cbor-certificates,
> draft-mattsson-tls-cbor-cert-compress
>
> What is the third draft?

The current draft, draft-mattsson-cose-cbor-cert-compress-01 is the result of updating and combining: draft-raza-ace-cbor-certificates-04, draft-mattsson-tls-cbor-cert-compress-00 and draft-mattsson-cose-cbor-cert-compress-00.

> > Another observation is that while our starting point has been to encode
> > rfc7925 compliant certificates, we hope to make the proposal more future
> > proof by allowing new algorithms also deemed suitable for constrained
> > environments. With that target, we think it is possible to exclude RSA on
> > the list of supported algorithms.
>
> Supported for what…
>
> The chain may still have RSA certificates in it.
>
> Grüße, Carsten

Supported for being possible to parse and validate by an IoT device: if a chain has RSA certificates in it, the end device would need to implement RSA algorithms too. Which is what we have considered out of scope. From rfc7925, the following explicit constraint is stated:

"There are various cryptographic algorithms available to sign digital certificates; those algorithms include RSA, the Digital Signature Algorithm (DSA), and ECDSA. ... [C]ertificates are signed using ECDSA in this profile. This is not only true for the end-entity certificates but also for all other certificates in the chain, including CA certificates. This profiling reduces the amount of flash memory needed on an IoT device to store the code of several algorithm implementations due to the smaller number of options."

Best Regards
Joel Höglund
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
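
The RFC 7925 constraint quoted in the message above applies to every certificate in the chain, so a device that implements only ECDSA has to reject a chain as soon as one link carries another signature algorithm. As an added example (not part of the original message or of the draft), the sketch below reads the outer `signatureAlgorithm` OID of each DER certificate and reports the non-ECDSA links; the function names and the skeleton certificates are constructed for illustration.

```python
# Added example; helper names and sample data are constructed, not from the draft.
ECDSA_SHA256 = bytes.fromhex("2a8648ce3d040302")    # 1.2.840.10045.4.3.2
RSA_SHA256 = bytes.fromhex("2a864886f70d01010b")    # 1.2.840.113549.1.1.11
ECDSA_OIDS = {"1.2.840.10045.4.3.2", "1.2.840.10045.4.3.3", "1.2.840.10045.4.3.4"}

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, off, off + length

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def sig_alg_oid(cert):
    """OID of Certificate.signatureAlgorithm (how this certificate is signed)."""
    tag, start, _ = read_tlv(cert, 0)                   # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)               # skip tbsCertificate
    alg_tag, alg_start, _ = read_tlv(cert, tbs_end)     # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER certificate")
    return decode_oid(cert[oid_start:oid_end])

def non_ecdsa(chain):
    """(index, OID) for every certificate not signed with ECDSA."""
    return [(i, o) for i, c in enumerate(chain) if (o := sig_alg_oid(c)) not in ECDSA_OIDS]

def tlv(tag, body):                        # short-form lengths, sample data only
    return bytes([tag, len(body)]) + body

def skeleton(oid):                         # constructed stand-in, not a real cert
    return tlv(0x30, tlv(0x30, b"") + tlv(0x30, tlv(0x06, oid)) + tlv(0x03, b"\x00"))

CHAIN = [skeleton(ECDSA_SHA256), skeleton(RSA_SHA256)]  # end entity, then CA
```

Here `non_ecdsa(CHAIN)` flags the second certificate, which is the situation Carsten raises: an ECDSA end-entity certificate issued under an RSA-signed CA certificate.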
