Thomas Fossati <[email protected]> wrote:
> In short, see Harald's reply [2] for the details, in order to extend
> the acceptable "usage" values, we'd need "[...] to get IESG approval
> on the change. Whether you need to publish an update to RFC 9360 or
> an additional RFC is probably going to be decided by the WG, your AD,
> and the IESG."
> So, given the ambiguity surrounding the encoding of COSE_X509 raised
> by John and MCR, we may wish to bundle these two together in a brief
> update to RFC 9360. WDYT?
It seems like draft-ietf-rats-msg-wrap could do this, however, it's left the WG
to the IESG and IETF LC. But, not on a telechat agenda yet.
It's not even an entire page. So write it up as a PR, and let the WGs consider.
> [1] https://mailarchive.ietf.org/arch/msg/media-types/4476Van-thNySvPj1pMAvkZvxlw/
> [2] https://mailarchive.ietf.org/arch/msg/media-types/ypYevlqM9zc9vLK3m17eH48j8Xc/
On Fri, 3 Oct 2025 at 21:14, Thomas Fossati <[email protected]> wrote:
>
> Hi, Michael.
>
> On Fri, 3 Oct 2025 at 18:28, Michael Richardson <[email protected]> wrote:
> > Thomas Fossati <[email protected]> wrote:
> > > We want to transport DICE [0] certificate chains in CMWs [1], and for
> > > that, we need a media type.
> >
> > > Note that DICE certificate chains differ semantically from standard
> > > X.509 certificate chains in that they also represent attestation
> > > Evidence [2]. Therefore, using
> > > * application/pkcs7-mime; smime-type="certs-only"
> > > * application/cose-x509; usage=chain, and
> > > * application/pkix-pkipath
> > > would provide too coarse typing information, so we'd like to improve
> > > this.
> >
> > > One way would be to extend the application/cose-x509 "usage" parameter
> > > to include the value "dice-chain", i.e., application/cose-x509;
> > > usage=dice-chain.
> >
> > cose-x509. I was thinking this is from cbor-encoded-cert, but it defines
> > cose-c509-cert.
> > And that definition has usage=chain, so was this a typo? NOPE.
> > cose-x509 is RFC9360... and COSE_X509 is a CBOR sequence of bstr wrapped
> > DER-encoded PKIX certificates.
> > I think that this means that there is a CBOR definite(?) array of bytes.
> >
> > So this becomes a dice-chain.
> > And after you do CoAP/Content-Format registration, you get an integer for
> > the CBOR CMW, so any verbosity of the media type is a moot point.
> >
> > > Would that be acceptable? If so, what steps need to be taken to
> > > register the new parameter value?
> > > Do we need a specification, and if so, what kind? Or is a request to
> > > the media-types list sufficient?
> >
> > I understand that an email to [email protected] with the template is
> > enough. However, I find that one has to poke the reviewers.
> > I'm hoping IANA's new DE RT system will get help..
>
> OK, thanks for the tip; I'll forward the request to [email protected] then.
>
> cheers, t
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
