On 23 May 2015 at 04:16:00, Nico Williams (nico@xxxxxxxxxxxxxxxx) wrote:
The CBOR data model is a superset of the JSON data model, so a trivial translation of JOSE to CBOR is indeed trivial. Doing such a trivial mapping would be completely misguided, though, as CBOR has additional capabilities, and the efficiencies we need in the constrained node network environment are indeed made possible by those additional capabilities [1]. So the main work of the WG will simply be about how exactly to use those capabilities. (It all looks trivial on a napkin, but a few bikesheds still have to be painted.) Any other hypothetical approach that adds binary capabilities to the JSON data model will need to do this kind of work, bold statements to the contrary notwithstanding. The lack of a need for backward compatibility with dusty _javascript_ decks also means that a few unsavory details of JOSE can be cleaned up in the process (e.g., JOSE muddles up MACs and signatures, which is easily fixed). The WG clearly is mandated to be rather conservative in those cleanups.
Thank you. Grüße, Carsten [1]: http://www.ietf.org/proceedings/90/slides/slides-90-jose-2.pdf |