C509 Authors,

I think the technical content of the current C509 draft is in a good state. I did a small, and successful, experiment to encode, sign, and validate a C509 native cert with a few needed extension items.
I have a few editorial-type feedback comments for the draft that I hope can be addressed in one way or another.

1. It is currently difficult to extract a full CDDL document for this draft. Could one be extracted and added to the Github repo for reference? Or some procedure for how we can extract a full, valid CDDL definition from the markdown? I did some copy-paste work to get this and am running into tool errors; it seems like the time rule is missing, but maybe I'm extracting an incomplete set..? Also some reference CDDL like the oid from RFC 9090 needs to be included somehow; manually in a Github file is fine, but having a complete and parseable CDDL document would be very valuable for users.

2. The IANA sections which include what looks like a dictionary-list-within-table-cells make reading and interpreting the tables difficult to me. Some IANA registries with many fields use a pure dictionary-list representation to avoid having a table with large numbers of columns.

3. Also in IANA tables, having multiple forms of the PKIX OIDs is convenient but somewhat confusing in that they are all just in the text without specific labels or explanations. I can infer that they are name (dotted-decimal) hex-binary, but being more explicit in the form and explanation could be helpful (see #2 above about separating registry fields).

From: Göran Selander <[email protected]>
Sent: Thursday, January 16, 2025 7:56 AM
To: Robert Moskowitz <[email protected]>
Cc: [email protected]; Joel Höglund <[email protected]>
Subject: [EXT] [COSE] Re: I-D Action: draft-ietf-cose-cbor-encoded-cert-12.txt

Hi Bob,

Adding to Joel: we have separated out the things we want to include and labelled the github issues accordingly, only a few left to do. If people are happy with that scope and the resolutions then we could well have a ready version in January.
One change for consideration is the simplified encoding of name, see https://github.com/cose-wg/CBOR-certificates/pull/213

In this change, the previous bespoke encoding is replaced:

* text strings of EUI-64 format are encoded using the dedicated CBOR tag for MAC addresses; and
* text strings of byte strings (even number of characters 0-9 and a-f) are encoded as (untagged) CBOR byte strings.

This impacts in particular your application which uses byte string representations of IP addresses (which are now CBOR encoded without the prefix, thus one byte less). Please have a look and let us know if you disagree with this change.

Göran

From: Joel Höglund <[email protected]>
Date: Wednesday, 15 January 2025 at 19:23
To: Robert Moskowitz <[email protected]>
Cc: [email protected]
Subject: [COSE] Re: I-D Action: draft-ietf-cose-cbor-encoded-cert-12.txt

Thank you for your question!

The authors are currently doing a push to go through the open issues* and address all the critical ones to get it ready for a wg last call for the upcoming IETF meeting. It is likely we will post some related questions here on the COSE mailing list, asking for input during the upcoming period. If you already have questions or comments, feel free to reach out to us!

*https://github.com/cose-wg/CBOR-certificates/issues

Best Regards
Joel Höglund

On Wed, 15 Jan 2025 at 17:34, Robert Moskowitz <[email protected]> wrote:

Where does this stand wrt wg last call? It is getting serious consideration in some interesting aviation comm. Well beyond what I am doing with it for UAS...

Bob

On 1/8/25 07:29, [email protected] wrote:
> Internet-Draft draft-ietf-cose-cbor-encoded-cert-12.txt is now available. It
> is a work item of the CBOR Object Signing and Encryption (COSE) WG of the
> IETF.
>
> Title: CBOR Encoded X.509 Certificates (C509 Certificates)
> Authors: John Preuß Mattsson
>          Göran Selander
>          Shahid Raza
>          Joel Höglund
>          Martin Furuhed
> Name: draft-ietf-cose-cbor-encoded-cert-12.txt
> Pages: 73
> Dates: 2025-01-08
>
> Abstract:
>
> This document specifies a CBOR encoding of X.509 certificates. The
> resulting certificates are called C509 Certificates. The CBOR
> encoding supports a large subset of RFC 5280 and all certificates
> compatible with the RFC 7925, IEEE 802.1AR (DevID), CNSA, RPKI, GSMA
> eUICC, and CA/Browser Forum Baseline Requirements profiles. When
> used to re-encode DER encoded X.509 certificates, the CBOR encoding
> can in many cases reduce the size of RFC 7925 profiled certificates
> by over 50% while also significantly reducing memory and code size
> compared to ASN.1. The CBOR encoded structure can alternatively be
> signed directly ("natively signed"), which does not require
> re-encoding for the signature to be verified. The document also
> specifies C509 Certificate Signing Requests, C509 COSE headers, a
> C509 TLS certificate type, and a C509 file format.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-12.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-cose-cbor-encoded-cert-12
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
> _______________________________________________
> COSE mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
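The name-encoding rule Göran describes above (EUI-64 text strings become a tagged MAC-address byte string, hexadecimal text strings become untagged byte strings, everything else stays a text string), worked through as an added example. This is not code from the draft or from the CBOR-certificates repository. It assumes that the "dedicated CBOR tag for MAC addresses" is tag 48 from RFC 9542, that the EUI-64 text form is eight uppercase hex pairs separated by hyphens, that the byte-string rule applies to lowercase hex only (as the message's "0-9 and a-f" suggests) and needs at least one pair. The decoder's rejection of non-canonical items is the example's own addition, not something the message states:

```python
import re

# Assumptions of this example (not taken from the draft text above):
#  - CBOR tag 48 is the IEEE MAC address tag registered by RFC 9542.
#  - The EUI-64 text form is eight uppercase hex pairs joined by '-'.
#  - The hex-to-byte-string rule applies to lowercase hex only and
#    needs at least one pair, so "" stays a text string.
TAG_MAC_ADDRESS = 48
EUI64_RE = re.compile(r"^(?:[0-9A-F]{2}-){7}[0-9A-F]{2}$")
HEX_BSTR_RE = re.compile(r"^(?:[0-9a-f]{2})+$")


def _head(major: int, arg: int) -> bytes:
    """CBOR initial byte plus argument, shortest form (enough for names)."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    if arg < 0x100:
        return bytes([(major << 5) | 24, arg])
    if arg < 0x10000:
        return bytes([(major << 5) | 25]) + arg.to_bytes(2, "big")
    raise ValueError("name attribute too long for this example")


def encode_name_text(value: str) -> bytes:
    """Encode one text-valued name attribute the way PR 213 describes."""
    if EUI64_RE.match(value):
        raw = bytes.fromhex(value.replace("-", ""))          # 8 bytes
        return _head(6, TAG_MAC_ADDRESS) + _head(2, len(raw)) + raw
    if HEX_BSTR_RE.match(value):
        raw = bytes.fromhex(value)
        return _head(2, len(raw)) + raw                      # untagged bstr
    data = value.encode("utf-8")
    return _head(3, len(data)) + data                        # plain tstr


def _read_head(buf: bytes, pos: int):
    ib = buf[pos]
    major, info = ib >> 5, ib & 0x1F
    if info < 24:
        return major, info, pos + 1
    if info == 24:
        return major, buf[pos + 1], pos + 2
    if info == 25:
        return major, int.from_bytes(buf[pos + 1:pos + 3], "big"), pos + 3
    raise ValueError("argument encoding not handled by this example")


def decode_name_text(buf: bytes, pos: int = 0):
    """Inverse of encode_name_text. Returns (text, position after the item).

    Rejects any item that encode_name_text could not have produced, so a
    name attribute has exactly one C509 encoding and a DER-to-C509
    re-encoding round-trips byte for byte (the example's own check).
    """
    major, arg, pos = _read_head(buf, pos)
    if major == 6:
        if arg != TAG_MAC_ADDRESS:
            raise ValueError("unexpected tag %d in name" % arg)
        major, arg, pos = _read_head(buf, pos)
        if major != 2 or arg != 8:
            raise ValueError("tag 48 in a name must wrap an 8-byte EUI-64")
        raw = buf[pos:pos + arg]
        return "-".join("%02X" % b for b in raw), pos + arg
    if major == 2:
        if arg == 0:
            raise ValueError("non-canonical: empty byte string")
        raw = buf[pos:pos + arg]
        return raw.hex(), pos + arg                           # lowercase hex
    if major == 3:
        text = buf[pos:pos + arg].decode("utf-8")
        if EUI64_RE.match(text) or HEX_BSTR_RE.match(text):
            raise ValueError("non-canonical: %r must be a byte string" % text)
        return text, pos + arg
    raise ValueError("unexpected major type %d in name" % major)


def roundtrips(value: str) -> bool:
    """True if value survives encode -> decode unchanged."""
    enc = encode_name_text(value)
    text, end = decode_name_text(enc)
    return text == value and end == len(enc)


if __name__ == "__main__":
    # Constructed sample values, including a lowercase EUI-64 and an
    # uppercase hex string that stay text strings by design.
    for s in ("01-23-45-FF-FE-67-89-AB", "c0a80001", "C0A80001",
              "01-23-45-ff-fe-67-89-ab", "example.com", ""):
        enc = encode_name_text(s)
        print("%-25r -> %-28s roundtrip=%s" % (s, enc.hex(), roundtrips(s)))
```

The point worth checking in any implementation of this rule is bijectivity. A C509 certificate re-encoded from DER has to be reconstructible exactly for the original DER signature to verify (only the "natively signed" form avoids that, per the abstract), so each text value may have only one C509 encoding. That is why only the canonical spellings are compressed here, why "C0A80001" and a lowercase EUI-64 remain text strings, and why the decoder refuses a text string the encoder would have turned into a byte string: with that check an attacker cannot present two different C509 byte strings for the same logical name.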
