Michael,
On Wed, January 31, 2024 9:31 am, Michael Richardson wrote:
>
> Derek Atkins <[email protected]> wrote:
> > On Wed, January 31, 2024 1:55 am, G�ran Selander wrote:
> >> Hi Michael,
> >>
> >> The proposal is to change TBSCertificate of C509, i.e. what is
> being
> >> signed, both in case of compressed X.509 and native. So existing
> C509
> >> implementations need to change and existing C509 certificates are
> not
> >> compliant. I don’t know to what extent this is already deployed,
> Derek
> >> is one. And I can’t say how important one-pass verification is in
> this
> >> case. Which is why we asked the WG for more input.
>
> > This is exactly the issue.. By changing TBSCertificate, it is making
> my
> > existing (deployed) code invalid, and also invalidating all my
> devices
> > deployed in the field because their manufacturer certificates would
> no
> > longer be considered valid.
>
> Because you are using Native signed C509?
> (I'm sorry if I keep asking)
Yes, I am using (Native)( C509. I am not using X509 or CBOR-encoded X509.
>
> > In my case, the certificates are under 1KB (many under 512B), which
> is
> > easily held in RAM in even the smallest of devices.
>
> That's very nice!
It is, which is one (of many) reasons I'm using (Native) C509.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
