On 23 May 2015 at 04:16:00, Nico Williams (nico(_at_)cryptonector(_dot_)com)
wrote:
I should clarify that my objection is to a working group IF a JOSE->CBOR
mapping is trivial enough,
The CBOR data model is a superset of the JSON data model, so a trivial
translation of JOSE to CBOR is indeed trivial.
Doing such a trivial mapping would be completely misguided, though, as CBOR has
additional capabilities, and the efficiencies we need in the constrained node
network environment are indeed made possible by those additional capabilities
[1]. So the main work of the WG will simply be about how exactly to use those
capabilities. (It all looks trivial on a napkin, but a few bikesheds still
have to be painted.) Any other hypothetical approach that adds binary
capabilities to the JSON data model will need to do this kind of work, bold
statements to the contrary notwithstanding.
The lack of a need for backward compatibility with dusty JavaScript decks also
means that a few unsavory details of JOSE can be cleaned up in the process
(e.g., JOSE muddles up MACs and signatures, which is easily fixed). The WG
clearly is mandated to be rather conservative in those cleanups.
Now, looking again at the WG proposal, there are deliverables that go
beyond merely mapping JOSE onto CBOR, so perhaps there is enough work
for a WG. Therefore I retract my opposition.
Thank you.
Grüße, Carsten
[1]: http://www.ietf.org/proceedings/90/slides/slides-90-jose-2.pdf