Me too. Are the claims being made for this 'compression' based on actual
studies or are they just feelings?

ASN.1 DER is not the most compact encoding out there but it isn't terrible
either. My experience of the whole XML compression debate was that people
who complained mightily about the inefficiency of XML completely ignored
the compression schemes once they were agreed on. The only value to the
whole compression debate was that people stopped raising message size as an
issue.

I have written ASN.1 DER encoders and getting them correct is sufficiently
non-trivial that I would never rely on two independent implementations
producing identical 'canonical' results. Nor am I aware of any PKIX
implementations that reject incorrect encodings. Designing a system that
relies on PKIX certificates being strict DER (and that your code is strict)
is an adventure in navigating unexplored code paths.

As for the person who asked 'what is the harm if it doesn't work', well...


On Thu, Oct 9, 2025 at 5:42 AM Blumenthal, Uri - 0553 - MITLL <
[email protected]> wrote:

> Trying to understand: with the inevitable move to PQ algorithms and
> certificates, the bulk of the certificate “volume” will be occupied by the
> public key and signature - the metadata size will “drown in the noise”.
>
> In that case, what are the benefits of CBOR?
> Or is the assumption that ECC crypto with its small key and signature
> sizes will be there for the foreseeable future?
> —
> Regards,
> Uri
>
> Secure Resilient Systems and Technologies
> MIT Lincoln Laboratory
>
> On Oct 9, 2025, at 04:46, Lijun Liao <[email protected]> wrote:
>
> 1. There are not standard-conform X509 certificates, but such certificates
> are usually not allowed in the public areas (e.g. CA/Browser Forum). If
> exists, only ignorable percent.
> 2. For the not standard-conform fields issuer, subject, and extensions,
> the CBOR-compressed version uses the DER-encoded bytes so that it can
> still be converted back.
>
> On 8. Oct 2025, at 23:19, Phillip Hallam-Baker <[email protected]>
> wrote:
>
> It is a feature that is going to impose a very high burden on developers,
> is unlikely to work because of issues that are outside their control (i.e.
> X.509v3 certs not necessarily using correct DER) and is going to prevent
> the wider effort taking advantage of the opportunity to break backwards
> compatibility and jettison some of the X.500 legacy.
>
>
> _______________________________________________
> COSE mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
>
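The round-trip concern raised in this message, as an added example (not code from the thread or from any draft discussed in it): a lenient decoder accepts three encodings of the same value, but only the strict DER one is reproduced byte-for-byte when re-encoded, which is what verifying a signature over regenerated bytes requires. All function names and the sample byte strings are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Lenient reader: accepts any definite-length BER length form."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    if first < 0x80:                       # short form
        length, hdr = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length (BER only)")
    else:                                  # long form, possibly padded
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos + hdr:end], end

def der_length(n):
    """Shortest length encoding, as DER requires."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def canonicalize(buf):
    """Decode leniently, then re-encode the way a strict DER encoder would."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:                     # constructed: recurse into contents
            value = canonicalize(value)
        elif tag == 0x02 and value:        # INTEGER: minimal two's complement
            v = int.from_bytes(value, "big", signed=True)
            size = (v if v >= 0 else ~v).bit_length() // 8 + 1
            value = v.to_bytes(size, "big", signed=True)
        out += bytes([tag]) + der_length(len(value)) + value
    return out

def survives_roundtrip(signed_bytes):
    """True only if re-encoding reproduces the exact bytes the signature covers."""
    return canonicalize(signed_bytes) == signed_bytes

# Constructed samples: SEQUENCE { INTEGER 5, UTF8String "ab" } in three encodings.
STRICT = bytes.fromhex("3007020105" "0c026162")
PADDED_LEN = bytes.fromhex("308107020105" "0c026162")  # length 7 in long form
PADDED_INT = bytes.fromhex("300802020005" "0c026162")  # INTEGER 5 sent as 00 05
```

Both padded samples decode to the same value as `STRICT`, yet only `STRICT` survives the round trip; the other two come back as different bytes, so a signature computed over the original encoding no longer matches.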