I mean, this is a definitional thing, so there is no right answer, but C509
is so close that I think trying to be a purist and claiming they are not
X.509 just because they are not ASN.1 encoded will cause more problems than
it solves.

Seeing C509 just as an alternative encoding for traditional ASN.1 certs, and
that both of them basically encode the same X.509 profile(s) and follow
similar rules makes more sense to me. So I would put them under the general
PKIX umbrella.

It will also be easier to convince people to adopt them if people realize
it’s just a different (and better!) encoding for the thing they already know
and pretend to love.

-Tim

From: Göran Selander <[email protected]> 
Sent: Wednesday, October 8, 2025 9:56 AM
To: Tschofenig, Hannes <[email protected]>; Sipos, Brian J.
<[email protected]>; [email protected]
Subject: [COSE] Re: The term "PKIX" and C509

Hi,

C509 defines an invertible CBOR re-encoding of DER encoded X.509
certificates, which supports large commonly used parts of RFC 5280 including
RFC 7925, IEEE 802.1AR, CAB Baseline, RPKI, and eUICC profiled X.509
certificates.

This doesn’t make C509 into X.509. But since the mapping can be reversed to
obtain the original DER encoded X.509 certificate it can be used as a
compact representation of X.509 certificates within the PKIX infrastructure.

Hope that helps!

Göran

From: Tschofenig, Hannes <[email protected]>
Date: Wednesday, 8 October 2025 at 15:22
To: Sipos, Brian J. <[email protected]>, [email protected]
Subject: [COSE] Re: The term "PKIX" and C509

Hi Brian!

The term PKIX stands for Public-Key Infrastructure using X.509. Using it to
refer to other technologies that do not use the same encoding as X.509
certificates is likely to cause confusion. Note that PKIX also refers to the
entire infrastructure – not just the format of the cert.

Just my two cents.

Ciao

Hannes

From: Sipos, Brian J. <[email protected]>
Sent: Wednesday, 8 October 2025 15:00
To: [email protected]
Subject: [COSE] The term "PKIX" and C509

WG,

From the perspective of a user or a profile specification allowing the use
of X509 and C509 in, for example, COSE messages, has there been any
discussion about terminology in the sense of the following:

Is it expected that the term “PKIX” will exclusively refer to X.509 as
defined in RFC 5280? Or will PKIX be an umbrella term to include C509 as an
equivalent encoding of the same information model? Possibly “public key
certificate” is a better general purpose term, though a little more narrow
in scope (a single credential) than what PKIX would imply (the whole PKI).

Any thoughts about this?

Brian S.
