There have been some hallway conversations about making the JOSE semantics available in CBOR (RFC 7049). I wanted to start a conversation on the JOSE list to see if there was any interest in doing the work here (after a recharter), in another working group, or through some other mechanism.
The hope is that the CBOR encoding would be pretty easy to specify. It would do away with the Base64url requirements from the JSON form (reducing size and complexity), since arrays of bytes are first-class entities in CBOR. It would not require JOSE/JSON compatibility. There are several reasons people seem to want this: - byte size on the wire (CBOR packs more tightly than JSON, and no need to Base64) - size of implementation for constrained devices (CBOR implementations can be quite small) - CPU utilization (CBOR can be more efficient, particularly on small devices) More information on the motivations and suggested approach can be found at: http://www.ietf.org/proceedings/90/slides/slides-90-jose-2.pdf (skip to slide 33 if you understand what a constrained network device looks like) There may be other encodings that people want to do. One I've heard mentioned is protobufs (https://developers.google.com/protocol-buffers/docs/overview). I don't yet believe there are enough of those other encodings for us to do a bunch of work generalizing JSON in an encoding-agnostic way. Each encoding will also need specific handling for what bytes will be protected. As such, my suggestion would be for us to gather a set of lessons learned in the process of doing the CBOR encoding that might act as signposts if anyone wants another encoding later. Please discuss. -- Joe Hildebrand _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
