Hi Anders,
> On 2022-02-22, at 06:59, Anders Rundgren <[email protected]>
> wrote:
>
> On 2022-02-21 17:31, Carsten Bormann wrote:
>> On 2022-02-21, at 17:15, Anders Rundgren <[email protected]>
>> wrote:
>>>
>>> I couldn't find any valid reason for using JSON
>> We seem to have found an area where we agree :-)
>
> In this context, right :)
> However, due to the myriad of CBOR serialization options,
Not true.
All widely used serialization formats grant the encoder some freedoms in
encoding information, CBOR is not different. There are no “options” that need
to be chosen or known to the recipient; there is only one CBOR.
> CWTs suffer from interoperability issues (*)
Not true. Pure FUD.
> making JWTs a better choice for *ubiquitous* usage :(
No
> By *mandating* preferred serialization ("I-CBOR") you can achieve the same
> interoperability as with JWTs,
Nonsense.
JWTs don’t use deterministic encoding, and neither does CWT need to to.
> as well as getting away from the need to bury data-to-be-signed in
> byte-strings.
Detached payloads solve that particular problem (if you have it).
Note that “burying” in CBOR is a simple copy (or reference), while JOSE needs
to base64-encoding everything, often in a nested way.
> Such solutions can also conserve buffer RAM in the case RAM is a scarce
> resource. Yes, depending on the application your mileage may vary.
CBOR saves RAM compared to JSON here.
Grüße, Carsten
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
