F.Y.I. https://cyberphone.github.io/javaapi/org/webpki/cbor/package-summary.html#cef
Isn't COSE sufficient you may [rightfully] ask? It is but since COSE is a framework, applications need to write a potentially rather elaborate "profile" in order to use it. CEF is not a framework. In addition, CEF builds on the CTAP2 CBOR canonicalization scheme making concepts like "protected" and "unprotected" redundant. In CEF all data is protected (that can be protected). The primary application for CEF is FIDO Web Pay (https://fido-web-pay.github.io/) where I intend to switch from JSON to CBOR for the assertion in order to save bytes and better align the system with FIDO/CTAP2. FIDO signatures (assertions) already require a highly customized solution so using CEF wasn't a big deal :) Thanx, Anders _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
