Henk Birkholz <[email protected]> wrote:
> if I get that correctly, your proposal is to send YANG modeled JSON
> that includes b64url encoded CMS, wrapped in a CBOR byte string signed
> via COSE?

No.
draft-ietf-anima-constrained-voucher maps the YANG model to CBOR signed by COSE.
It does this with draft-ietf-core-sid and draft-ietf-core-yang-cbor.
No JSON or CMS would be involved.
That format is only *one* possible serialization of the YANG in RFC8366.
> On 03.02.21 18:21, Michael Richardson wrote:
>>
>> Carsten Bormann <[email protected]> wrote:
>> > On 31. Jan 2021, at 23:54, Blumenthal, Uri - 0553 - MITLL
>> > <[email protected]> wrote:
>> >>
>> >> I do not get the “re-certify the certificate” part.
>>
>> > In the Web PKI, the assumption is that every participant knows all root
>> > certificates and updates that set eagerly. In the IoT world, that
>> > doesn’t work.
>>
>> > So people are looking at alternative ways of validating a certificate.
>> > If there is a big brother/little brother relationship, the little
>>
>> The RFC8366 voucher does exactly this. (And you can use it entirely
>> outside of BRSKI, as SZTP does)
>>
>> It can be serialized as COSE signed CBOR. Let's not try to mix things
>> up here, or re-invent things.
>>
>> So I am opposed to cose-x509 doing anything other than conveying
>> certificates.
>>
>> --
>> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
>> Sandelman Software Works Inc, Ottawa and Worldwide
>>
>> _______________________________________________ COSE mailing list
>> [email protected] https://www.ietf.org/mailman/listinfo/cose
>>
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
