Given all the work that has been done on C509, doing a culturally compatible CSR seems like a no-brainer to me.
This doesn’t mean that we don’t want to have signing requests for CWT, to the contrary. But maybe we want to use the somewhat wider scope that CWTs have, to distinguish requesting different forms (and semantics!) of signed assertions. I think it would be good to check our agreement in this group that having a C509-shaped CSR is not a replacement for or an obstacle to developing requests for CWT-shaped signed assertions. Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
