Carsten Bormann <[email protected]> wrote:
> Given all the work that has been done on C509, doing a culturally
> compatible CSR seems like a no-brainer to me.

To me, that means that the attributes can be expressed in (compressed) OIDs.
Having built a CA that processes CSRs in non-trivial ways, if the signature
is not compatible, then it's a new code path.
I need a dict/map of attributes and then I have to map that into my
certificate format.

> This doesn’t mean that we don’t want to have signing requests for CWT,
> to the contrary. But maybe we want to use the somewhat wider scope
> that CWTs have, to distinguish requesting different forms (and
> semantics!) of signed assertions.
> I think it would be good to check our agreement in this group that
> having a C509-shaped CSR is not a replacement for or an obstacle to
> developing requests for CWT-shaped signed assertions.

I would agree with that, but I also see a point in creating something that
isn't RFC5280/etc. CSR and isn't a CWT. That's an extra dead-end codepath.
Or, I object to not using CWT.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
