Pardon the cross-posting... A pretty strange subject line, right? :)
However, there is a reality in the form of constrained devices that in order to use COSE must either turn to yucky infinite-length encoding (https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-11#section-8.3.1) or create the entire payload in RAM, here assuming that the exact size of the payload in bytes is not known in advance.

X.509 certificates (that were created in a time when virtually all devices were constrained) do not suffer from these problems due to their reliance on deterministic encoding, followed by a separate signature item.

A further advantage of the X.509 approach compared to COSE/CWT, is that the claims are not stuffed in a blob requiring yet another layer of decoding.

However, compared to ASN.1, CBOR is much more "RAM-friendly" since it doesn't impose a byte-length over items enclosed in a map or array. Concatenation is all you need!

I believe the time has come to seriously look into alternatives to COSE since it was "inspired" by JOSE. CBOR <<>> JSON.

This GitHub issue elaborates a bit more on this topic: https://github.com/ietf-rats-wg/eat/issues/168

Thanx,
Anders
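The buffering difference described in the message above, as an added example (not code from the post, from COSE or from EAT): a CBOR map header carries only a pair count, so claims can be emitted and hashed one chunk at a time, while a bstr-wrapped payload needs its total byte length before the first byte goes out. The two-element array layout, HMAC-SHA256 standing in for a signature, and every name and sample value here are assumptions.

```python
import hashlib
import hmac

def head(major, n):
    """CBOR head: major type plus argument n in its shortest form."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def item(v):
    """Encode an unsigned int, text string or byte string."""
    if isinstance(v, int):
        return head(0, v)
    raw = v.encode() if isinstance(v, str) else bytes(v)
    return head(3 if isinstance(v, str) else 2, len(raw)) + raw

def stream_signed(count, pairs, key, write):
    """Emit [claims-map, tag] chunk by chunk; return the largest chunk held."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    peak, prev = 0, b""
    def out(chunk, covered=True):
        nonlocal peak
        if covered:
            mac.update(chunk)          # hash as we go, nothing is buffered
        write(chunk)
        peak = max(peak, len(chunk))
    out(head(4, 2), covered=False)     # outer array header, not covered
    out(head(5, count))                # map header: pair count, no byte length
    for k, v in pairs:
        ek = item(k)
        if ek <= prev:                 # deterministic encoding: keys ascending
            raise ValueError("map keys out of order")
        prev = ek
        out(ek)
        out(item(v))
    out(item(mac.digest()), covered=False)
    return peak

def bstr_wrapped(pairs):
    """COSE-style payload: a bstr head that needs the total length up front."""
    body = head(5, len(pairs)) + b"".join(item(k) + item(v) for k, v in pairs)
    return head(2, len(body)) + body, len(body)

# Constructed sample claims (not from the post); KEY is a demo value.
KEY = b"demo-key"
SAMPLE = [(1, "device-01"), (2, 1700000000), (3, bytes(64))]
```

With the sample claims the streaming path never holds more than the largest single item, while the wrapped form has to know the whole map's length before emitting its first byte.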
