That is a very good discussion to have.

As a general CSR format for RFC 5280, CWT does, however, seem a bit limited. I 
think the general CSR format for C509 needs to support all the options in the 
subject, subjectPublicKeyAlgorithm, and extensions of a C509 certificate. Not 
sure we like to extend CWT with everything in RFC 5280. The size of the CSR 
format does not seem as important as the size of the certificate format.

From a client side, a CWT CSR might make things a bit easier, but if you 
request a C509 certificate, you likely need to process C509 anyway. From a CA 
side, the transformation from a CWT CSR to a C509 certificate would be much 
more complex.

A CSR attribute that is always used is of course extensionRequest. The only 
other attribute that seems to be used (has been used) is challengePassword. 
Maybe extensionsRequest is the only thing needed?

C509CertificateSigningRequest = [
   TBSCertificateSigningRequest,
   subjectProofOfPossessionValue: any,
]

; The elements of the following group are to be used in a CBOR Sequence:
TBSCertificateSigningRequest = (
   c509CertificateSigningRequestType: int,
   subject: Name,
   subjectPublicKeyAlgorithm: AlgorithmIdentifier,
   subjectPublicKey: any,
   extensionsRequest: Extensions,
   subjectProofOfPossessionAlgorithm: AlgorithmIdentifier,
)

Cheers,
John
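As an added illustration of the CDDL above (example code written for this note, not from the C509 draft or any implementation): it encodes the six TBS items as a CBOR Sequence, splices them with the proof-of-possession value into the outer array, and shows a CA-side check that slices the signed TBS bytes back out of the received CSR rather than re-encoding them. It assumes a hand-rolled CBOR subset, constructed placeholder values for the int fields, and an HMAC stand-in for the PoP signature so it runs offline.

```python
import hmac

# Minimal CBOR subset (int, bstr, tstr, array; arguments up to 255) so this runs offline.
def cbor(x):
    def head(major, n):
        return bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])
    if isinstance(x, int):
        return head(0, x) if x >= 0 else head(1, -1 - x)
    if isinstance(x, bytes):
        return head(2, len(x)) + x
    if isinstance(x, str):
        return head(3, len(x.encode())) + x.encode()
    return head(4, len(x)) + b"".join(cbor(i) for i in x)
def decode(buf, pos=0):  # returns (item, next_pos) for the same subset
    major, n, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if n == 24:  # one-byte argument follows the initial byte
        n, pos = buf[pos], pos + 1
    if major < 2:
        return (n if major == 0 else -1 - n), pos
    if major < 4:
        return (buf[pos:pos + n] if major == 2 else buf[pos:pos + n].decode()), pos + n
    items = []
    for _ in range(n):
        item, pos = decode(buf, pos)
        items.append(item)
    return items, pos

# Constructed TBS items in CDDL order (type, subject as CN text, subjectPublicKeyAlgorithm,
# subjectPublicKey, extensionsRequest, subjectProofOfPossessionAlgorithm); ints are placeholders.
TBS_ITEMS = [0, "device-0042", -1, bytes(range(32)), [], -1]
def build_csr(tbs_items, sign):
    # TBSCertificateSigningRequest is a CBOR Sequence: items concatenated, no array wrapper.
    tbs = b"".join(cbor(i) for i in tbs_items)
    # The CSR is an array: the six TBS items spliced in, then the PoP value last.
    return cbor(list(tbs_items) + [sign(tbs)])
def verify_csr(csr, verify):
    # CA side: check the PoP over the TBS bytes exactly as transmitted, never re-encoded.
    if csr[0] != 0x87:  # initial byte of a 7-item array
        return False
    pos = 1
    for _ in range(6):
        _, pos = decode(csr, pos)
    pop, end = decode(csr, pos)
    return end == len(csr) and verify(csr[1:pos], pop)
# Offline stand-in for the PoP signature: a real CSR signs with the subject's private key
# under subjectProofOfPossessionAlgorithm; HMAC with a constructed key is not that.
DEMO_KEY = b"constructed-demo-key"
def demo_sign(tbs): return hmac.new(DEMO_KEY, tbs, "sha256").digest()
def demo_verify(tbs, pop): return hmac.compare_digest(demo_sign(tbs), pop)
def demo():
    csr = build_csr(TBS_ITEMS, demo_sign)
    tampered = csr.replace(b"device-0042", b"device-0043")  # subject swapped after signing
    return verify_csr(csr, demo_verify), verify_csr(tampered, demo_verify)
```

`demo()` returns `(True, False)`: the intact CSR verifies and the one whose subject was altered after signing does not.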

From: Laurence Lundblade <[email protected]>
Date: Tuesday, 25 May 2021 at 23:38
To: John Mattsson <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [COSE] C509 Certification Request (CSR)

> On May 25, 2021, at 2:28 PM, Laurence Lundblade <[email protected]> 
> wrote:
>
> ...
>
> What you don’t get is an issue in the format of a DN, but maybe that is a 
> good thing.

Should have said “is a subject in the format of a DN”.

Also note that attributes just become other CWT and EAT claims, again for which 
there is already likely to be an implementation and for which the code can be 
shared.

LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
