> On May 26, 2021, at 3:45 AM, Carsten Bormann <[email protected]> wrote:
>
> I think it would be good to check our agreement in this group that having a
> C509-shaped CSR is not a replacement for or an obstacle to developing
> requests for CWT-shaped signed assertions.

This is the main thing for me.
We must not close off pure CBOR CSRs and Certs. We want to eventually get to a
place where someone can run a system with no ASN.1/DER.
I would write drafts for this stuff now, except I’m committed to the EAT draft
and need to finish that. I’d also do implementations. My ctoken
<https://github.com/laurencelundblade/ctoken> implementation of CWT and EAT is
designed so this stuff can be easily added to it, but again I need to finish
EAT. The implementation is also so the code is shared between CWT, EAT and
eventually certs and CSRs. You could even do an (incompatible) revision of the
FIDO protocol that would reuse this code.
I kind of agree with Michael’s point that it is wasteful to have three formats
(PKCS 10, CWT-based CSR and the thing in between proposed here). I also see any
transition to a pure CBOR/CWT infrastructure as very long and involved, with many
drafts being authored.
LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose