c5u content, uri type, and protection

emanjon commented 3 years ago

Accorting to draft-ietf-cose-x509-08:

  The referenced resource can be any of the following media types:
  *  application/pkix-cert [RFC2585]
  *  application/pkcs7-mime; smime-type="certs-only" [RFC8551]

This is probably not what we want for c5u. We probably want something like c5chain or c5bag

Accorting to draft-ietf-cose-x509-08:

  The URI provided MUST provide integrity protection and server
  authentication.  For example, an HTTP or CoAP GET request to
  retrieve a certificate MUST use TLS [RFC8446] or DTLS
  [I-D.ietf-tls-dtls13]. 

For c5u we definitly want to allow OSCORE as well.

emanjon commented 3 years ago

The section should be updated based on x5bag, x5chain, x5u, x5t discussion. Looks like some changes are needed. But I will wait with that until x5bag, x5chain, x5u, x5t is done.

highlunder commented 2 years ago

Any status update on the x5XXX-work?

highlunder commented 1 year ago

Has been updated to point to accepted RFC in latest (https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-06.html), closing!

cose-wg / CBOR-certificates

c5u content, uri type, and protection #86