Slightly related to the recent proposal to "bstr" C509 data.

For CBOR-based protocols it seems pretty awkward mixing standard decoding mode 
with sequence mode.

I would consider using "bstr" as a container in such cases.  Then the unpacking 
using sequence mode is limited to C509 containers.

Although not a major issue, expanding certificates by default in logs seems a 
bit of an overkill.

Unwrapped C509 certificate sequence:

  2,
  h'01f50d',
  0,
  "RFC test CA",
  1672531200,
  1767225600,
  48(h'0123456789AB'),
  1,
  h'02B1216AB96E5B3B3340F5BDF02E693F16213A04525ED44450
    B1019C2DFD3838AB',
  1,
  h'EB0D472731F689BC00F5880B12C68B3F9FD38B23FADFCA2095
    0F3F241B60A202579CAC28CD3B7494D5FA5D8BBAB4600357E5
    50AB9FA9A65D9BA2B3B82E668CC6'


CBOR protocol using a C509 certificate wrapped in bstr:

  {
    "otherstuff": "PKI is cool?",
    "certificate": h'024301f50d006b524643207465737420434
      11a63b0cd001a6955b900d830460123456789ab01582102b1216ab96
      e5b3b3340f5bdf02e693f16213a04525ed44450b1019c2dfd3838ab0
      15840eb0d472731f689bc00f5880b12c68b3f9fd38b23fadfca20950
      f3f241b60a202579cac28cd3b7494d5fa5d8bbab4600357e550ab9fa
      9a65d9ba2b3b82e668cc6'
  }


I guess this does not apply to TLS and friends.


Anders
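
The layering described in the message above, as an added example that is not part of the original post: the outer map is decoded in standard mode, and sequence mode is applied only to the bytes inside the "certificate" bstr. The decoder is a minimal subset written for this illustration; the function names are hypothetical, and the outer map bytes are constructed around the certificate hex from the post.

```python
def decode_item(buf, pos=0):  # added example; subset: uint, bstr, tstr, map, tag
    if pos >= len(buf):
        raise ValueError("truncated CBOR item")
    major, info, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    n = {24: 1, 25: 2, 26: 4, 27: 8}.get(info, 0)  # argument bytes that follow
    if info > 27 or pos + n > len(buf):
        raise ValueError("unsupported length encoding or truncated argument")
    arg, pos = (int.from_bytes(buf[pos:pos + n], "big") if n else info), pos + n
    if major == 0:                                 # unsigned integer
        return arg, pos
    if major in (2, 3):                            # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("string runs past end of input")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 5:                                 # map of arg key/value pairs
        out = {}
        for _ in range(arg):
            key, pos = decode_item(buf, pos)
            out[key], pos = decode_item(buf, pos)
        return out, pos
    if major == 6:                                 # tag -> (number, content)
        content, pos = decode_item(buf, pos)
        return (arg, content), pos
    raise ValueError(f"major type {major} not handled by this subset decoder")

def decode_sequence(buf):  # sequence mode: items back to back until input ends
    items, pos = [], 0
    while pos < len(buf):
        item, pos = decode_item(buf, pos)
        items.append(item)
    return items

def decode_one(buf):  # standard mode: exactly one item, trailing bytes rejected
    value, end = decode_item(buf)
    if end != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return value

# Certificate bytes as given in the post's bstr; the outer map is constructed here.
CERT = bytes.fromhex("024301f50d006b524643207465737420434"
    "11a63b0cd001a6955b900d830460123456789ab01582102b1216ab96"
    "e5b3b3340f5bdf02e693f16213a04525ed44450b1019c2dfd3838ab0"
    "15840eb0d472731f689bc00f5880b12c68b3f9fd38b23fadfca20950"
    "f3f241b60a202579cac28cd3b7494d5fa5d8bbab4600357e550ab9fa"
    "9a65d9ba2b3b82e668cc6")
MESSAGE = (b"\xa2" + b"\x6a" + b"otherstuff" + b"\x6c" + b"PKI is cool?"
           + b"\x6b" + b"certificate" + b"\x58" + bytes([len(CERT)]) + CERT)
fields = decode_sequence(decode_one(MESSAGE)["certificate"])  # 11 top-level items
```

Passing the unwrapped certificate bytes straight to `decode_one` raises `ValueError`, which is the standard-mode versus sequence-mode mismatch the bstr container avoids.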
