Thomas Fossati <[email protected]> wrote:
> We want to transport DICE [0] certificate chains in CMWs [1], and for
> that, we need a media type.
> Note that DICE certificate chains differ semantically from standard
> X.509 certificate chains in that they also represent attestation
> Evidence [2]. Therefore, using
> * application/pkcs7-mime; smime-type="certs-only"
> * application/cose-x509; usage=chain, and
> * application/pkix-pkipath
> would provide too coarse typing information, so we'd like to improve this.
> One way would be to extend the application/cose-x509 "usage" parameter
> to include the value "dice-chain", i.e., application/cose-x509;
> usage=dice-chain.
cose-x509. I was thinking this is from cbor-encoded-cert, but it defines
cose-c509-cert.
And that definition has usage=chain, so was this a typo? NOPE.
cose-x509 is RFC9360... and COSE_X509 is a CBOR sequence of bstr wrapped
DER-encoded PKIX certificates.
I think that this means that there is a CBOR definite(?) array of bytes.
So this becomes a dice-chain.
And after you do CoAP/Content-Format registration, you get an integer for the
CBOR CMW, so any verbosity of the media type is a moot point.
> Would that be acceptable? If so, what steps need to be taken to
> register the new parameter value?
> Do we need a specification, and if so, what kind? Or is a request to
> the media-types list sufficient?
I understand that an email to [email protected] with the template is
enough. However, I find that one has to poke the reviewers.
I'm hoping IANA's new DE RT system will get help.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
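Added example, not part of the original message or of RFC 9360's text: a strict reader for the COSE_X509 structure discussed above, which RFC 9360 defines as either a single bstr or an array of at least two bstr, each holding one DER certificate. The sample byte strings are constructed placeholders, and the assumption here is that a payload labelled with the proposed usage=dice-chain would use the same CBOR shape, so only the media type parameter tells a receiver to treat the chain as Evidence.

```python
# Constructed stand-ins: minimal DER SEQUENCEs, not real certificates.
CERT_A = bytes.fromhex("3003020101")
CERT_B = bytes.fromhex("3003020102")
SINGLE = b"\x45" + CERT_A                                       # one bare bstr
CHAIN = b"\x82\x45" + CERT_A + b"\x45" + CERT_B                 # definite-length array
INDEFINITE = b"\x9f\x45" + CERT_A + b"\x45" + CERT_B + b"\xff"  # indefinite-length array

def _head(buf, pos):  # -> (major type, argument or None if indefinite, next pos)
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24 or info == 31:
        return major, (None if info == 31 else info), pos + 1
    n = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes for info 24..27
    arg = buf[pos + 1:pos + 1 + n]
    if info > 27 or len(arg) != n:
        raise ValueError("truncated or reserved CBOR head")
    return major, int.from_bytes(arg, "big"), pos + 1 + n

def _cert(buf, pos):  # one definite-length bstr that at least looks like DER
    major, length, pos = _head(buf, pos)
    if major != 2 or length is None:
        raise ValueError("expected a definite-length bstr")
    cert = buf[pos:pos + length]
    if len(cert) != length or cert[:1] != b"\x30":
        raise ValueError("truncated bstr or not a DER SEQUENCE")
    return cert, pos + length

def parse_cose_x509(buf):
    """Return the DER certificates carried in a COSE_X509 value, in order."""
    major, count, pos = _head(buf, 0)
    certs = []
    if major == 2:  # single certificate: re-read the bare bstr from offset 0
        cert, pos = _cert(buf, 0)
        certs.append(cert)
    elif major == 4:  # chain: array of bstr, definite or indefinite length
        while len(certs) != count:
            if count is None and buf[pos:pos + 1] == b"\xff":
                pos += 1  # consume the break byte
                break
            cert, pos = _cert(buf, pos)
            certs.append(cert)
        if len(certs) < 2:
            raise ValueError("array form must hold at least two certificates")
    else:
        raise ValueError("COSE_X509 must be a bstr or an array of bstr")
    if pos != len(buf):
        raise ValueError("trailing bytes after COSE_X509")
    return certs
```

The reader accepts both array encodings and rejects one-element arrays, non-bstr members and trailing data; it does not validate the certificates themselves or any DICE extensions.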
