Re: WG Review: CBOR Object Signing and Encryption (cose)

First, I appreciate the effort that went into this charter text. It is clear, understandable, and properly focused.

That being said...

On Fri, May 22, 2015 at 2:52 PM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
> When CBOR was proposed, the group working on it asserted that it was a
> private initiative, outside IETF process and they had no obligation to
> consider other design approaches.

There was an appeal regarding the publication of CBOR for which the outcome was: 1) IETF process was not followed, but 2) the RFC is already published and some bells cannot be unrung. Fair enough; however, basing further IETF work on it may not be wrong but does not seem right either. Phillip, having been active in the JSON WG and a known security-area participant, has a broader point that different design decisions may have been made had we known things would go this far.

I also noticed that the active draft for this effort has a normative dependency on CDDL. Working groups such as TZDIST were told they could not normatively depend on JCR. Again, fair enough. But what is to happen here? Given the parallels drawn between CBOR and JSON, it would be unfortunate for the IETF to bless one "JSON schema language" without a wider discussion. I am not saying they shouldn't use CDDL, but it would be best if the relationship between it and JSON were more clearly understood.

-andy
