- secp256r1 is supported and included in Figure 9. Fig 4? Are you maybe reading some old version?
- C509 is CBOR encoding of X509. It follows X.509 and does should not really go into security aspects of the algs. Also note that the signature would be made by a CA, not an IoT device. John From: COSE <[email protected]> on behalf of Rene Struik <[email protected]> Date: Thursday, 11 March 2021 at 23:54 To: Ivaylo Petrov <[email protected]>, cose <[email protected]> Cc: Cose Chairs Wg <[email protected]> Subject: Re: [COSE] Conditional call for adoption: draft-mattsson-cose-cbor-cert-compress Dear colleagues: I think considering ways to represent certificates more efficiently may be useful, where this draft could be a possible starting point to work from. I have not yet read the entire draft, but am wondering about some of the underlying philosophies, where, e.g., (a) in Fig. 4 (CBOR Cert Public Key Algorithms), NIST curve P-256 is not supported, whereas curves isomorphic to Curve25519 are, which seems to be inconsistent; (b) in Fig. 3 (CBOR Cert Signature Algorithms), EdDSA is supported, whereas this deterministic scheme is known to be susceptible to single-fault attacks, which seems to be contrary to best current practice. The above comments should not prevent using this draft as a starting point, though. Best regards, Rene On 2021-03-02 4:46 p.m., Ivaylo Petrov wrote: Dear all, This message starts the conditional call for adoption of the following draft : * draft-mattsson-cose-cbor-cert-compress-08 - https://datatracker.ietf.org/doc/html/draft-mattsson-cose-cbor-cert-compress-08 In previous meetings and email discussions, we have already discussed this draft on multiple occasions. It appears to us that there is significant support for the adoption of this document. If you have read the draft, please indicate whether you support its adoption as a working group item or not. As it appears that there is sufficient support for adopting it, we are especially interested in knowing if there are any objections. Please note that the adoption of this work is dependent on the result of the COSE WG rechartering. If the new charter is accepted in a form that allows this work to be taken in COSE, the result of this adoption call will be taken into account. We would like to remind you that adoption does not mean they are finished, only that they are an acceptable starting point. This call will run slightly less than two weeks, ending on March 12. Please try to respond before that date. Best regards, - Matthew and Ivaylo COSE Working Group Chairs _______________________________________________ COSE mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/cose -- email: [email protected]<mailto:[email protected]> | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
