Trying to understand: with the inevitable move to PQ algorithms and certificates, the bulk of the certificate “volume” will be occupied by the public key and signature - the metadata size will “drown in the noise”.
In that case, what are the benefits of CBOR? Or is the assumption that ECC crypto with its small key and signature sizes will be there for the foreseeable future? — Regards, Uri Secure Resilient Systems and Technologies MIT Lincoln Laboratory > On Oct 9, 2025, at 04:46, Lijun Liao <[email protected]> wrote: > > > This Message Is From an External Sender > This message came from outside the Laboratory. > 1. There are not standard-conform X509 certificates, but such certificates > are usually not allowed in the public areas (e.g. CA/Browser Forum). If > exists, only ignorable percent. > 2. For the not standard-conform fields issuer, subject, and extensions, the > CBOR-compressed version uses the DER-encoded bytes so that it can still be > converted back. > >> On 8. Oct 2025, at 23:19, Phillip Hallam-Baker <[email protected]> wrote: >> >> It is a feature that is going to impose a very high burden on developers, is >> unlikely to work because of issues that are outside their control (i.e. >> X.509v3 certs not necessarily using correct DER) and is going to prevent the >> wider effort taking advantage of the opportunity to break backwards >> compatibility and jettison some of the X.500 legacy. > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
