John Mattsson <[email protected]> wrote:
    >>> - There was a suggestion that SHA-1 algorithms should get large
    >>> values, but sha1WithRSAEncryption is still one of the most common
    >>> algorithms. It is quite commonly used in self-signed root certificates,
    >>> where it is fine to do so.

    >> When do you see the transmission of the root certificate?  TLS sends
    >> the certification path up to, but not including, the root certificate.

    > Good point. Not as often as other certificates, but the root
    > certificates need to be transferred to the IoT devices at least once in
    > the factory or when they are deployed. IoT devices may want to store
    > their root certificates as CBOR certificates to save storage and
    > memory. Compressed root certificates would not even have to be
    > decompressed again.

I disagree.
If deployed at the factory, then they are likely baked into firmware, or
installed via JTAG, or if done over a network, this won't matter.
As for storing, it only needs the public key part, which would be best to
store in whatever the native big-integer format is. (Maybe more bytes, but
no need to convert to another form)

It might need an index in the form of the Issuer DN.

I hope that the compression of DNs will be distinguished such that there is
only one way to do it, and one can compare the compressed forms rather than
having to expand it to be sure.
I don't feel confident that this will be the case because I think that there
will always be an "out" where raw DER bits can be included for things that
the compressor doesn't know how to deal with.  So a stupid compressor might
produce a bigger result than a smarter compressor.

I also wonder about this work in the context of Packed CBOR.
Should we restart our thinking assuming that we are really just building a
static directory for Packed CBOR?  I suspect that this bespoke compression
will do better for bytes-on-the-wire, but what is the code size impact,
assuming that Packed CBOR code was already available?

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
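
The concern raised in the message above about a raw-DER "out" making compressed DNs non-comparable, shown as an added example that is not part of the original thread. The toy encoding, the `compress`/`expand` helpers and the sample DN are constructed for illustration; this is not the CBOR certificate format under discussion, and all attribute values are assumed to be UTF8String.

```python
# Constructed toy encoding, NOT the CBOR certificate format under discussion:
#   01 <idx> <len> <utf8>  attribute type the compressor knows
#   00 <len> <DER>         escape: raw DER AttributeTypeAndValue
ORDER = ["C", "O", "CN"]                                # toy index of known types
OIDS = {"C": "550406", "O": "55040a", "CN": "550403"}   # 2.5.4.6 / .10 / .3

def der_atv(name, value):
    """DER SEQUENCE { OID, UTF8String }; short-form lengths only."""
    oid, v = bytes.fromhex(OIDS[name]), value.encode()
    body = b"\x06" + bytes([len(oid)]) + oid + b"\x0c" + bytes([len(v)]) + v
    if len(body) > 127:
        raise ValueError("toy encoder handles short-form lengths only")
    return b"\x30" + bytes([len(body)]) + body

def compress(dn, known):
    """Compress a DN; attribute types outside `known` use the raw-DER escape."""
    out = bytearray()
    for name, value in dn:
        if name in known:
            v = value.encode()
            out += bytes([1, ORDER.index(name), len(v)]) + v
        else:
            der = der_atv(name, value)
            out += bytes([0, len(der)]) + der
    return bytes(out)

def expand(blob):
    """Expand a compressed DN back to its list of DER attributes."""
    atvs, i = [], 0
    while i < len(blob):
        if blob[i] == 1:
            idx, n = blob[i + 1], blob[i + 2]
            atvs.append(der_atv(ORDER[idx], blob[i + 3:i + 3 + n].decode()))
            i += 3 + n
        else:
            n = blob[i + 1]
            atvs.append(blob[i + 2:i + 2 + n])
            i += 2 + n
    return atvs

# Constructed sample issuer DN.
DN = [("C", "CA"), ("O", "Example Org"), ("CN", "Example Root CA")]
smart = compress(DN, known={"C", "O", "CN"})
naive = compress(DN, known={"CN"})       # falls back to raw DER for C and O

print(len(smart), len(naive), smart == naive)   # sizes and byte-wise comparison
print(expand(smart) == expand(naive))           # comparison after expansion
```

A device that indexes trust anchors by the compressed Issuer DN would miss the lookup for the `naive` form unless it expands both sides first, which is the cost a single canonical encoding avoids.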
