cose-wg / X509

Define a set of COSE header fields that can be used to carry and reference X.509 certificates

Register a CBOR tag for X.509 cert? #24

Closed laurencelundblade closed 3 years ago

laurencelundblade commented 4 years ago

We have registered tags for lots of common data structures. X.509 certs are a common data structure. This RFC would be a convenient place to do it.

It could be polymorphic based on the type of the tag content

This could allow the removal of x5t and x5u entirely. They would just be folded in with x5bag and x5chain. Any individual cert in the bag or the chain could be any of the types.

This is partly in conflict with my issue #22.

jimsch commented 4 years ago

I am not sure why you think this would be needed. The only reasonable answer here is to say that it is a DER-encoded certificate and be done with it. There is no need to carry a PEM cert in the message itself. Having the thumbprint or URI would mean that things will get really sticky fast because the same certificate could be referenced many times by different methods. That is just confusing.

laurencelundblade commented 3 years ago

It was a thought. Removing the comment.