> On May 26, 2021, at 1:53 AM, John Mattsson 
> <[email protected]> wrote:
> 
> I think the general CSR format for C509 needs to support all the options in 
> the subject, subjectPublicKeyAlgorithm, and extensions of a C509 certificate. 
> Not sure we like to extend CWT with everything in RFC 5280. The size of the 
> CSR format does not seem as important as the size of the certificate format.

My thought for the long run is that there is a CBOR/CWT-based set of protocols 
that replace all the ASN.1/DER-based protocols. That of course includes a pure 
CBOR cert (based on CWT) and a pure CBOR CSR (also based on CWT). This is of 
course taking CWT far beyond its original intent, but that’s good because of 
code reuse. Think of it as a flexible set of signed attributes, not as just 
for authentication. We’re already extending this way with EAT: 10+ claims are 
being added.

So the answer is, yes, we should extend CWT with stuff in RFC5280. Maybe not 
all of it and maybe using lessons learned, but it should give all the 
functionality needed.

LL


_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
