> I prefer:
> 1. CBOR-compressed PKIX(5280) certificate.
> -and-
> 2. CBOR-native-encoded certificate.

(Assuming we at some point find a better word for “native”):

C509 is “CBOR native-encoded”.
What is different between C509 and the “CBOR-native” certificates is the derivation of the signing input; (1) tries to stay somewhat compatible with RFC 5280 so your HSMs are still useful.

Note that there is no reason not to include both an RFC 5280-derived (1) and a COSE-derived (2) signature in a C509 item.

> (Yes, it uses RFC5280 semantics, but it's a new ecosystem)

Right, and step 3 (i.e., the interesting one) is actually addressing what we have learned about the data model that RFC 5290 (“X.509”) defines.
But that is not the subject of the C509 work.

> If we had to make up TLAs, I'd use something like CCPC (#1), and CNEC.

(*) Thank god we don’t have to :-)

Regards, Carsten

(*) And your proposals would be FLAs.
