Derek Atkins <[email protected]> wrote: > On Wed, January 31, 2024 1:55 am, G�ran Selander wrote: >> Hi Michael, >> >> The proposal is to change TBSCertificate of C509, i.e. what is being >> signed, both in case of compressed X.509 and native. So existing C509 >> implementations need to change and existing C509 certificates are not >> compliant. I don’t know to what extent this is already deployed, Derek >> is one. And I can’t say how important one-pass verification is in this >> case. Which is why we asked the WG for more input.
> This is exactly the issue.. By changing TBSCertificate, it is making my
> existing (deployed) code invalid, and also invalidating all my devices
> deployed in the field because their manufacturer certificates would no
> longer be considered valid.
Because you are using Native signed C509?
(I'm sorry if I keep asking)
> In my case, the certificates are under 1KB (many under 512B), which is
> easily held in RAM in even the smallest of devices.
That's very nice!
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
