Michael,
On Wed, January 31, 2024 9:29 am, Michael Richardson wrote:
>
> Göran Selander <[email protected]> wrote:
> > The proposal is to change TBSCertificate of C509, i.e. what is being
> > signed, both in case of compressed X.509 and native. So existing C509
> > implementations need to change and existing C509 certificates are not
> > compliant. I don’t know to what extent this is already deployed, Derek
> > is one. And I can’t say how important one-pass verification is in this
> > case. Which is why we asked the WG for more input.
>
> okay, so it's still an I-D, and so Derek might have to lump it :-)
> However, I'm not convinced that the use case is Native C509, and not
> compressed, which would not change after compression/decompression.
Yes, it is still an I-D, but IMNSHO it is very late in the game to make a
breaking change that does not provide an oft-required feature or
capability. The only reason to change the format is to make "single-pass
processing" simpler. But this is a certificate, not a multi-megabyte (or
gigabyte, or petabyte) data object, so, again, IMNSHO, making a breaking
change just so you don't have to hold a 1KB object in RAM seems to be not
worth the change.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose