Hi,

We have submitted draft-ietf-cose-cbor-encoded-cert-01. Main updates are:

- Implemented the suggestions from Laurance to make C509Certificate an array and write in text that applications that do not require a CBOR item can use ~C509Certificate.
- Addressed all of Ilari's comments (further optimizations, and correction in the description of extension encoding), except algorithm code points, which are still to be discussed.
- Renamed COSE_C5 to COSE_C509 and aligned with COSE_X509
- Defined what c5t is a hash over.
- Completed the HTTPS ECDSA and RSA certificate encoding examples.
- Expanded the size comparison section. It now has two tables. The first table compares COSE_X509 and COSE_C509. The second table compares X509, X509 + Brotli, C509, and C509 + Brotli in TLS.
- Added missing specification for several extensions commonly used in HTTPS certificates. These were previously illustrated in the examples, but not in text.
- Renamed CBORCertificate to C509Certificate
- The document now formally replaces draft-mattsson-cose-cbor-cert-compress

This -01 version should now completely align with the example compression implementation I wrote in Rust. I will release the source code as open source later today.

Cheers,
John

From: COSE <[email protected]> on behalf of [email protected] <[email protected]>
Date: Tuesday, 25 May 2021 at 15:38
To: [email protected] <[email protected]>
Cc: [email protected] <[email protected]>
Subject: [COSE] I-D Action: draft-ietf-cose-cbor-encoded-cert-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the CBOR Object Signing and Encryption WG of the IETF.

Title    : CBOR Encoded X.509 Certificates (C509 Certificates)
Authors  : Shahid Raza
           Joel Höglund
           Göran Selander
           John Preuß Mattsson
           Martin Furuhed
Filename : draft-ietf-cose-cbor-encoded-cert-01.txt
Pages    : 42
Date     : 2021-05-25

Abstract:
This document specifies a CBOR encoding of X.509 certificates. The resulting certificates are called C509 Certificates.
The CBOR encoding supports a large subset of RFC 5280 and all certificates compatible with the RFC 7925, IEEE 802.1AR (DevID), CNSA, and CA/Browser Forum Baseline Requirements profiles. When used to re-encode DER encoded X.509 certificates, the CBOR encoding can in many cases reduce the size of RFC 7925 profiled certificates with over 50%. The CBOR encoded structure can alternatively be signed directly ("natively signed"), which does not require re-encoding for the signature to be verified. The document also specifies COSE headers as well as a TLS certificate type for C509 certificates.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-cose-cbor-encoded-cert-01

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
