I think that Bob wants to store C509 certificates in DNS, using DANE. The DANE RR (TLSA) has four semantics for the "Certificate Usage Field" (see section 2.1.1 of RFC6698).
The stuff inside the RR is either an X.509 format certificate, or it may be a SubjectPublicKeyInfo (RPK), or a SHA-256/512 of the above. I think that Bob is asking if we should have a new Selector value for C509. That would be IANA Considerations work that cose-cbor-encode-cert would do, much like it does the TLS Certificates Types Registry. (That field is Specification Required, so our document would be enough) -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
