Derek Atkins <[email protected]> wrote:
    > I object to change #2.

okay.

    > My objection is based on three issues: 1) It would break all existing
    > code 2) It would invalidate all existing certificates 3) These

Why is that?
I don't see it.

What I think Goran is saying is that when encoding/compressing, we'd
take the value from a different location (which should be identical), and
then when restoring, we'd restore the value to both locations.
It could also be that he is talking about Native signed C509, which has no
installed base.  Maybe I misunderstand the proposal.

The words from the email:

    >> 2. Another proposed simple but breaking change is about the location
    >> of the signature algorithm in the CDDL for C509Certificate. In common
    >> X.509 certificates this information is given twice, in the
    >> signatureAlgorithm and Signature fields of TBSCertificate, containing
    >> identical values. In -07 we only have the field corresponding to the
    >> second occurrence at the end of TBSCertificate. The proposal is to
    >> change this to first occurrence, to enable essentially one-pass
    >> signature verification.

I'd still like better terms than C509 and Natively signed C509.

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
