If you are going to replace DER with CBOR, fine. DER is probably the single biggest reason for hatred of ASN.1. The problem being you have to encode nested variants.
But that goes away if you are going to take a DER encoded certificate and convert it to CBOR for 'compression'. Once you do that, you have to reconstruct the original DER to validate the signature. And those of us who know DER are saying that is an absolute horror show. The only way to efficiently encode DER is to write yourself a custom buffer class that allows you to start at the end of the structure and work backwards. And even then you have to sort sets. That isn't a problem for most of the TLS world because most certificates come from special snowflakes that have to get themselves $250K audits and such and nobody really checks to see if the certs are really DER in any case. If you are trying to use CBOR to compress existing PKIX certs, every relying party is going to have to do the ASN.1 DER encoding rules to validate signatures. On Thu, Oct 9, 2025 at 5:48 AM Lijun Liao <[email protected]> wrote: > In the PQC era, the main advantage of C509 (CBOR) is the simple encoding > (CBOR vs ASN.1 DER). > > Please do not ignore this difference. Due to the complexity of X.509, the > (latest) mbed-tls is only able to parse a very limited subset of the > extensions. > > Regards, Lijun > > > On 9. Oct 2025, at 11:41, Blumenthal, Uri - 0553 - MITLL <[email protected]> > wrote: > > Trying to understand: with the inevitable move to PQ algorithms and > certificates, the bulk of the certificate “volume” will be occupied by the > public key and signature - the metadata size will “drown in the noise”. > > In that case, what are the benefits of CBOR? > Or is the assumption that ECC crypto with its small key and signature > sizes will be there for the foreseeable future? > — > Regards, > Uri > > Secure Resilient Systems and Technologies > MIT Lincoln Laboratory > > On Oct 9, 2025, at 04:46, Lijun Liao <[email protected]> wrote: > > > This Message Is From an External Sender > This message came from outside the Laboratory. > 1. There are not standard-conform X509 certificates, but such certificates > are usually not allowed in the public areas (e.g. CA/Browser Forum). If > exists, only ignorable percent. > 2. For the not standard-conform fields issuer, subject, and extensions, > the CBOR-compressed version uses the DER-encoded bytes so that it can > still be converted back. > > On 8. Oct 2025, at 23:19, Phillip Hallam-Baker <[email protected]> > wrote: > > It is a feature that is going to impose a very high burden on developers, > is unlikely to work because of issues that are outside their control (i.e. > X.509v3 certs not necessarily using correct DER) and is going to prevent > the wider effort taking advantage of the opportunity to break backwards > compatibility and jettison some of the X.500 legacy. > > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > >
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
