As you all know (?), there are two IETF drafts [1,2] targeting deterministically encoded CBOR.
During almost 2 years (!) of (sometimes rather heated) discussions it has been claimed that "some" applications need deterministic encoding, most don't. To date "some" still remains essentially unknown 🙃 Personally, I haven't seen any (particularly convincing) uses of deterministic (or its cousin canonicalized) encoding, except for security-related constructs like FIDO attestations and COSE thumbprints. AFAICT, [2] also belongs to this category. The following (fairly short) specification, outlines a more dedicated approach to deterministically encoded CBOR: https://cyberphone.github.io/CBOR.js/doc/#main.deterministic Thanx, Anders 1] https://datatracker.ietf.org/doc/draft-ietf-cbor-cde/ 2] https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/ _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
