AFAICT, C509 certificate signatures DO NOT use COSE; the signature is calculated over
non-wrapped ("raw") CBOR using
https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-13.html#name-deterministic-encoding
It is interesting to note that this (very useful) method has been slammed as a
generic solution:
https://www.ietf.org/archive/id/draft-rundgren-universal-cbor-06.html#name-enveloped-signatures
Anders
On 2025-03-23 04:58, Michael Richardson wrote:
Orie Steele <[email protected]> wrote:
> Similar to how c509 doesn't specify a complete bi-directional lossless
> mapping for all things an x509 cert can include, there will be differences
> in what "Native COSE" and "Pure COSE" can do and how they do it...
> Btw, I don't love either of these terms "Native or Pure"... Sorry I don't
> have anything better to offer...
I think we should call it DER-signed and COSE-signed.
I am pleased to hear that there are CAs interested in COSE-signed.
But I am dismayed that multiple people spoke up in favour of COSE-signed who
were in fact talking about DER-signed.
I believe it will get in the way of COSE-based cnf-PKI.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]