On Feb 21, 2022, at 8:31 AM, Carsten Bormann <[email protected]> wrote: > > On 2022-02-21, at 17:15, Anders Rundgren <[email protected]> > wrote: >> >> I couldn't find any valid reason for using JSON > > We seem to have found an area where we agree :-)
Not out for a big debate here or to win hearts and minds, but here’s the reasons for JSON. The overwhelming one is that JSON use in the world is something like ten times CBOR use. People and libraries that implement it well are a dime a dozen. CBOR isn’t even close. EAT is not just for small embedded devices. People want to use it to prove one cloud service to another, to prove an Android app to a cloud service and so on. EAT is used for both Attestation Evidence and Attestation Results. Attestation Results is a B-to-B interaction and most of them these days are JSON. The RATS charter suggests (but does not require) work in both JSON and CBOR. The big cross-bar diagram in RATS architecture <https://datatracker.ietf.org/doc/html/draft-ietf-rats-architecture-15#section-9> says that RATS should be adaptable to many encoding formats (CWT, JWT, TPM, X.509, other…), so we’re lucky we’re only having to do two. I personally, would mostly be OK with CBOR/COSE/CWT, but it seems to me that JSON is so heavily used that we would be limiting RATS/EAT up take if we limited ourselves to it. LL
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
