Given that we occasionally look at how other SDOs use CBOR, COSE, etc.: This week here in Europe, everybody talks about (Covid-19) “vaccination certs”.
European Digital Health Certificates (as used in the European Digital Green Certificates “DGC” for Covid-19) use CBOR and COSE. This development had to happen quickly, so you it was run in the open; you find lots of information in github. It is entertaining and educational to read the discussions on the github repos, e.g., »It's very easy to decode HCERT. I coded our HCERT verifier in 4 hours without knowing anything about CBOR and COSE (I have used LD-Profs in the past, but not COSE-based certs).« [1] It is also interesting that one of the problems they had was with QR-Code integration. E.g., the base45 ASCII-funneled encoding they are using [2] contains percent characters, which unsurprisingly get mangled by some smartphone QR-Code readers (who try to percent-decode them as URIs). (That would have been easily avoidable at zero additional cost by using a base41-style encoding instead and using a less risky charset subset.) Also, they are using zlib (deflate) to “compress” the COSE, except that it doesn’t [3]. We may not pay much attention to these integration issues in our IETF WGs, but they are really important to make the whole package work. Maybe we can find someone to talk about practical aspects of DGC and related efforts at one of the next CBOR interims... Grüße, Carsten (Thanks to Emmanuel Baccelli for alerting me to this…) [1]: https://github.com/ehn-dcc-development/hcert-spec/issues/64#issuecomment-830692153 [2]: https://datatracker.ietf.org/doc/html/draft-faltstrom-base45 [3]: https://github.com/eu-digital-green-certificates/dgc-testdata/issues/284 _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
