Re: WG Review: CBOR Object Signing and Encryption (cose)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'd like toh second Phil's concerns here.

A proliferation of security standards, even when there are levels of
interoperability between them, is problematic for interoperability.
The folks proposing JOSE were required to make a very strong
justification about why we needed something JSON based  in addition to
our  existing security standards.
I believe they did that.

However, I don't think the constrained devices area has made a
justification explaining why

1) They need something different

2) They don't need interoperability with the rest of the world.

Even if constrained devices could benefit from a different encoding, if
they need interoperability, we still run into problems.  In the
discussions leading to DICE ACE, and COAP, arguments were made that there
would be proxies between the rest of the world and the constrained
network, so it was acceptable that we used different protocols.Th
These arguments basically don't apply to object signing and encryption.

Based on the charter, this working group sounds like a really bad idea,
flying in the face of interoperability and the IETF's mission.
I do not support chartering this work.





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]