Skip to main content

CBOR Encoded X.509 Certificates (C509 Certificates)
draft-ietf-cose-cbor-encoded-cert-20

Revision differences

Document history

Date Rev. By Action
2026-07-12
20 Barry Leiba Closed request for IETF Last Call review by ARTART with state 'Overtaken by Events': Document has finished IESG processing
2026-07-12
20 Barry Leiba Assignment of request for IETF Last Call review by ARTART to Jaime Jimenez was marked no-response
2026-06-30
20 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-20.txt
2026-06-30
20 Göran Selander New version accepted (logged-in submitter: Göran Selander)
2026-06-30
20 Göran Selander Uploaded new revision
2026-05-29
19 Roman Danyliw
[Ballot comment]
Thank you to Russ Housley for the GENART review.

Thank you for addressing my DISCUSS and COMMENT feedback.

===

** Section 1.  Editorial. …
[Ballot comment]
Thank you to Russ Housley for the GENART review.

Thank you for addressing my DISCUSS and COMMENT feedback.

===

** Section 1.  Editorial.

  Implementors can get familiar
  with CBOR by using the CBOR playground [CborMe].

It is not clear what the value of this text for an archival document.
2026-05-29
19 Roman Danyliw [Ballot Position Update] Position for Roman Danyliw has been changed to No Objection from Discuss
2026-05-11
19 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2026-05-11
19 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-19.txt
2026-05-11
19 Göran Selander New version accepted (logged-in submitter: Göran Selander)
2026-05-11
19 Göran Selander Uploaded new revision
2026-04-30
18 Morgan Condie IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation - Defer
2026-04-29
18 Amanda Baber IANA issues have been fixed in Github.
2026-04-29
18 Amanda Baber All expert approvals have been received.
2026-04-29
18 Roman Danyliw
[Ballot discuss]
** Section 8.4
  The
  fields of the registry are Value, Comments, and subjectPrivateKey,
  and Reference, where Value is an integer, …
[Ballot discuss]
** Section 8.4
  The
  fields of the registry are Value, Comments, and subjectPrivateKey,
  and Reference, where Value is an integer, and the other columns are
  text strings.

The value of subjectPrivateKey seems to be underspecified.  Yes, it is text string.  However, what are the valid values?  What does this field describe?

** Section 8.6, 8.7
  The fields Name, OID, and DER are mandatory.

  If
  OID is present, the OID is given in dotted decimal representation,
  and the DER column contains the hex string of the DER-encoded OID
  [X.690].

-- Per sentence one, the OID field is mandatory.  Per sentence two, there appears to be conditionality to whether the OID might be present.  Which is it?

-- Where are the OID and DER fields defined?

** Section 8.8.  Where are OID, DER, and AttributeValue defined?

** Section 8.9. Where are the OID and DER fields defined?

** Section 8.9, 8.10
  The fields Name,
  OID, and DER are mandatory.

Is it desirable to register a field with no comment (reference)?

** Section 8.11.  8.12. Where are the OID and DER fields defined?  Is it desirable to register a code point with no comment (reference)?

** Section 8.13.  Where are the OID and DER fields defined?  Is it desirable to register a code point with no comment (reference)?

** Section 8.14 and 8.15.  Do not use BCP14 keywords in IANA considerations.  See https://datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-the-use-of-bcp-14-key-words/

** Section 8.14.  What does the comment field text that says “Don’t use” mean.  Where is it explained that the comment field has recommendations on usage?
2026-04-29
18 Roman Danyliw
[Ballot comment]
Thank you to Russ Housley for the GENART review.

** Section 1.  Editorial.

  Implementors can get familiar
  with CBOR by using …
[Ballot comment]
Thank you to Russ Housley for the GENART review.

** Section 1.  Editorial.

  Implementors can get familiar
  with CBOR by using the CBOR playground [CborMe].

It is not clear what the value of this text for an archival document.

** Section 8.15.1.  What does this section have to do with IANA actions?
2026-04-29
18 Roman Danyliw [Ballot Position Update] New position, Discuss, has been recorded for Roman Danyliw
2026-04-28
18 Tommy Jensen [Ballot Position Update] New position, No Objection, has been recorded for Tommy Jensen
2026-04-28
18 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2026-04-28
18 David Dong IANA Experts State changed to Expert Reviews OK from Issues identified
2026-04-28
18 David Dong The CoAP Content-Formats, EDHOC Authentication Credential Types, TLSA Selectors, and TLS Certificate Types registrations have been approved.
2026-04-28
18 Mike Bishop
[Ballot comment]
# IESG review of draft-ietf-cose-cbor-encoded-cert-18

CC @MikeBishop

## Comments

### IANA

This document seems to have unresolved IANA issues. Have next steps
been …
[Ballot comment]
# IESG review of draft-ietf-cose-cbor-encoded-cert-18

CC @MikeBishop

## Comments

### IANA

This document seems to have unresolved IANA issues. Have next steps
been determined?

### Section 8.1, paragraph 1
```
    The expert reviewers for the registries defined in this document are
    expected to ensure that the usage solves a valid use case that could
    not be solved better in a different way, that it is not going to
    duplicate an entry that is already registered, and that the
    registered point is likely to be used in deployments.  They are
```
These things are vague enough to give me concern; not quite DISCUSS-level, but I
worry that we're inviting appeals from registrants who disagree with the
reviewer on the "best" preferred solution.

### Section 8.6, paragraph 1

How does "If OID is present" reconcile with "OID [is] mandatory"?

### Section 8.6, paragraph 1

Is the goal that all elements of some existing registry are assigned
mapped values here? If so, synchronization becomes a concern, and adding a
column to that registry might be preferable. If it's independent and just linked
to that other registry by OID, this is probably the best we can do.

### Too many authors

The document has six authors, which exceeds the recommended author limit. Has
the sponsoring AD agreed that this is appropriate?

### Missing references

No reference entries found for these items, which were mentioned in the text:
`[bytes]`.

### DOWNREFs

DOWNREF `[RFC7299]` from this Proposed Standard to Informational `RFC7299`.
(For IESG discussion. It seems this DOWNREF was not mentioned in the Last Call
and also seems to not appear in the DOWNREF registry. Reference only appears to
be for a registry reference.)

### IP addresses

Found IP blocks or addresses not inside RFC5737/RFC3849 example ranges:
`23.106.104.0`, `2.5.29.15`, `2.5.29.37`, `2.5.4.41`, `2.5.4.11`, `2.5.4.8`,
`23.109.0.0/16`, `2001:7f9:ffff:ffff:ffff:ffff:ffff:ffff`, `2.5.4.12`,
`2.5.29.30`, `2.5.4.20`, `23.111.63.255`, `2.5.29.14`, `2.5.4.43`, `2.5.29.32`,
`2.5.4.4`, `2.5.4.6`, `2.5.29.54`, `2.5.29.31`, `23.106.119.255`,
`22.82.0.0/16`, `2.5.4.15`, `2.5.29.35`, `2.5.29.46`, `1.3.101.113`,
`2.5.4.97`, `2002:8:0:ffff:ffff:ffff:ffff:ffff`, `2.5.4.17`,
`2001:bff:ffff:ffff:ffff:ffff:ffff:ffff`, `23.111.16.0`, `2.5.4.42`,
`2.5.4.65`, `1.3.101.111`, `1.3.101.110`, `2.5.29.18`, `2.5.4.3`, `2.5.4.7`,
`2.5.4.44`, `2.5.4.5`, `2.5.29.19`, `2.5.4.46`, `2.5.4.9`, `2.5.29.9`,
`2.5.29.36`, `2.5.4.54`, `23.83.112.0/20`, `1.3.101.112`, `2.5.29.17`,
`2.5.29.33`, and `2.5.4.10`.

## Nits

All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

### Typos

#### Section 3.3, paragraph 42
```
-      CBOR uint.  With the exception of the first ASId, the ASid is
-                                                              ^
-      encoded as the difference to the previous ASid.
-                                                  ^
+      CBOR uint.  With the exception of the first ASId, the ASId is
+                                                              ^
+      encoded as the difference to the previous ASId.
+                                                  ^
```

#### Section 3.8, paragraph 1
```
-    In TLS and DTLS, the subject of trusted authory may be sent to the
+    In TLS and DTLS, the subject of a trusted authority may be sent to the
+                                    ++              ++
```

#### Section 7, paragraph 5
```
-    handled exactly as how such errors would be handled for the
-                      ----
```

### Section 8.23, paragraph 1
```
  This document registers the following entry in the "SMI Security for
                      ^^
```

### Uncited references

Uncited references: `[RFC2247]`, `[RFC1274]`, `[RFC6960]`, `[X.520]`,
`[RFC6962]`, `[RFC3161]`, and `[GSMA-SGP.22]`.

### Outdated references

Reference `[RFC6962]` to `RFC6962`, which was obsoleted by `RFC9162` (this may
be on purpose).

Reference `[RFC8398]` to `RFC8398`, which was obsoleted by `RFC9598` (this may
be on purpose).

Reference `[RFC5246]` to `RFC5246`, which was obsoleted by `RFC8446` (this may
be on purpose).

Reference `[RFC1274]` to `RFC1274`, which was obsoleted by `RFC4524` (this may
be on purpose).

Document references `draft-ietf-lamps-RFC7030-csrattrs`, but that has been
published as `RFC9908`.

### Grammar/style

#### Section 3.3, paragraph 26
```
      encoded as an int.  The policyQualifierId is encoded as an CBOR
                                                              ^^
```
Use "a" instead of "an" if the following word doesn't start with a vowel sound,
e.g. "a sentence", "a university".

#### Section 3.3, paragraph 38
```
        and for IPv6 addresses, the field MUST contain 17 octets, where
        the last octet indicates the number of bits in the prefix.  As an
```
While it's clear after a moment how to parse, consider ending the sentence after
"17 octets" and starting a new sentence, "In both cases, the last...."

#### Section 3.3, paragraph 55
```
e calculated over ~C509Certificate. Thus C509CertData contains all data neces
                                    ^^^^
```
A comma may be missing after the conjunctive/linking adverb "Thus".

#### Section 3.5, paragraph 5
```
ay be sent to the peer to help it selecting the certificate chain, as in the
                                  ^^^^^^^^^
```
The verb "help" is used with an infinitive.

#### Section 4.4, paragraph 12
```
the remaining text strings are minimal in size. Therefore, the further size r
                              ^^^^^^^^^^^^^^^
```
This wording could be more concise.

#### Section 6.2, paragraph 2
```
t could not be solved better in a different way, that it is not going to dup
                            ^^^^^^^^^^^^^^^^^^
```
Consider replacing this phrase with the adverb "differently" to avoid
wordiness.

#### Section 6.2, paragraph 3
```
eview with Expert Review" are made on a "IETF Review" basis per Section 4.8 o
                                      ^
```
Use "an" instead of "a" if the following word starts with a vowel sound, e.g.
"an article", "an hour".

#### Section 8.20, paragraph 3
```
erences [CAB-Code] CA/Browser Forum, "CA/Browser Forum, "Baseline Requiremen
                                    ^
```
Unpaired symbol: """ seems to be missing.

#### Section 8.20, paragraph 3
```
gning/>. [CAB-TLS] CA/Browser Forum, "CA/Browser Forum, "Baseline Requirement
                                    ^
```
Unpaired symbol: """ seems to be missing.
2026-04-28
18 Mike Bishop [Ballot Position Update] New position, No Objection, has been recorded for Mike Bishop
2026-04-28
18 Deb Cooley
[Ballot comment]
I'm balloting no obj, but there are substantial comments to address.  I did consider abstaining, see my 'general comment' near the top of …
[Ballot comment]
I'm balloting no obj, but there are substantial comments to address.  I did consider abstaining, see my 'general comment' near the top of my ballot.

Thanks to Corey Bonnell for their secdir reviews.  I agree with many points in their review, and I would like to see their comments addressed.

Thanks to Chris Inacio for deferring this draft for a telechat cycle, it is a complex draft for which I needed the extra time.

General:  While one can claim that CBOR encoded certs eliminate the need for ASN.1 implementation, that only works if the C509 cert can only be CBOR encoded.  As it stands implementations now need both CBOR and ASN.1 depending on what certificates are being used.  Instead of reduced complexity, there is now double the complexity.  In addition, the choices that can be made for various field selections also increase the complexity, which under normal circumstances reduces interoperability.  Sadly there is only one prototype implementation currently.  I'll be curious to see what the uptake is for this idea as it stands.

Section 1, para 5:  This could easily be deleted as it is repetitive with the para above.  If it is left in the specification, please look at the sentence construction (it is indeed only a single sentence) that makes little sense after the 'e.g,' and then 'or' and then 'and'.

Section 1, #1:  Please add a note to say that validating the signature on the certificate first requires that it is reverted back to the original X.509 certificate.

Section 1, second to last para:  I would incorporate this information in #2 above it. (again, a paragraph with a single sentence)

Section 3.1.4, para 2:  Why is the construction of serialNumber in this section vice Section 3.1.2?

Section 3.1.4, para 4:  Is this 'extension' part of the issuer name, or part of what is described in Section 3.1.10?

Section 3.1.5:  Do you need a reference for 'POSIX time'?

Section 3.1.6:  Should 'CBOR simple value' be 'CBOR simple value null'?  (it is phrased that way in Section 3.1.4 and 3.1.5.

Section 3.1.8 & 3.1.9: Where do these fields originate? 

Section 3.3, para 3:  Does this mean that the actual OID is the same regardless of the name?  Or that there are multiple registered OIDs for the same extension?  Please clarify if it is the former.  If it is the latter, then specifying which OID is expected will make implementation less complex.

Section 3.3.1, key usage:  Isn't key usage normally critical?  Wouldn't an example of that be more useful?

Section 8.1, para 1:  I wonder how a DE will determine if a request can be solved in a 'better in a different way'.  'Better' being very subjective.

Section 8.14:  Why are SHA-1 algorithms being registered (even if they are marked as 'deprecated')?
2026-04-28
18 Deb Cooley [Ballot Position Update] New position, No Objection, has been recorded for Deb Cooley
2026-04-27
18 Matt Brown Request for Telechat review by DNSDIR Completed: Ready. Reviewer: Matt Brown. Sent review to list. Submission of review completed at an earlier date.
2026-04-27
18 Matt Brown Request for Telechat review by DNSDIR Completed: Ready. Reviewer: Matt Brown.
2026-04-27
18 Ketan Talaulikar
[Ballot comment]
Thanks to the authors and the WG for their work on this document. Please find below some comments and some clarifications sought to …
[Ballot comment]
Thanks to the authors and the WG for their work on this document. Please find below some comments and some clarifications sought to help improve the document.

1) In some of the IANA sections, e.g., section 8.6, there is a "Comments" field and those actually reference normative specifications. Not being someone familiar with this area, I am unable to determine if "Comments" mean "Specifications" or something else. In any case, does "comments" seem the right title for the column if it has mainly normative specifications?

2) There is some text under IANA considerations in section 8.15.1 that seem not related to or suitable for that section and instead should be perhaps elsewhere in the document. Please cross-check.

3) Issues with references?
- RFC2247 and GSMA-SGP.22 are listed as informative reference, but are not referenced anywhere.
- RFC6962 and RFC8398 referenced normatively has been obsoleted by RFC9162 and RFC9598 respectively.
- RFC1274 referenced informatively has been obsoleted by RFC4524.
- draft-ietf-lamps-rfc7030-csrattrs has been published as RFC9908; also please cross-check that it is not normative along the lines of RFC7030

I note that the shepherd write-up indicates 5 authors while the document actually has 6. This is just to bring to the attention of the responsible AD as it exceeds the normally expected number.
2026-04-27
18 Ketan Talaulikar [Ballot Position Update] New position, No Objection, has been recorded for Ketan Talaulikar
2026-04-26
18 Éric Vyncke [Ballot comment]
Thanks for the work done in this document and for addressing my previous blocking and non-blocking comments.

https://mailarchive.ietf.org/arch/msg/cose/PR2QT5WGx6Eb3LtU6whdWYXHktI/ (for archive)
2026-04-26
18 Éric Vyncke [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from Discuss
2026-04-24
18 Mohamed Boucadair
[Ballot comment]
Hi John, Göran, Shahid, Joel, and Martin,

Many thanks for the well-written document. Excellent work.

Thank you for the discussion and changes made …
[Ballot comment]
Hi John, Göran, Shahid, Joel, and Martin,

Many thanks for the well-written document. Excellent work.

Thank you for the discussion and changes made in [1] to address comments in my previous ballot [2].

I appreciate that consistency is followed by the authors vs the resolution to a similar DISCUSS for RFC9668, but some of that text smells like updating the rules in RFC7120.

Cheers,
Med

[1] https://author-tools.ietf.org/iddiff?url1=draft-ietf-cose-cbor-encoded-cert-17&url2=draft-ietf-cose-cbor-encoded-cert-18&difftype=--html

[2] https://mailarchive.ietf.org/arch/msg/cose/m6QDwcY8SkSDtsUuLaJLOA-OfLY/
2026-04-24
18 Mohamed Boucadair [Ballot Position Update] Position for Mohamed Boucadair has been changed to No Objection from Discuss
2026-04-23
18 Amanda Baber
IANA comments:

1) Question about Section 9.5, value 8 in Figure 10: I'm seeing different entries in the "Identifiers" field depending on document format. In …
IANA comments:

1) Question about Section 9.5, value 8 in Figure 10: I'm seeing different entries in the "Identifiers" field depending on document format. In the text file, I'm seeing "organizationName, o"; in the HTML version, the second string (?) is a circle character that I can't copy; and in the XML file, I don't see a character after the comma at all. What should IANA record for this registration in the registry's XML file?

2) Expert review issue: the CoAP Content-Format expert is still requesting that spaces in the Content-Format names in Figure 20 be removed.

3) Note: it doesn't appear that any of these media type templates have been sent to media-types@ietf.org for review. RFC 6838 doesn't require this, but it does recommend it, and the CoAP Content-Formats expert pointed out a possible issue that he thinks should be checked.

4) Note: we have a strong preference for removing "Parameters" from "CBOR Encoded X.509 (C509) Parameters," and unless there's a reason it needs to be retained, we're going to remove the word "Registry" from all the registry names that include it (e.g., "C509 Extensions Registry").

5) Note: in -17, there's a line break between every word in the HTML version of the document (and a text element for every word in the XML file). In order to copy and paste text into XML records for the new registries, we're going to have to use the plain-text version of the draft, so we're liable to miss any special characters. If there are any characters that need to be pulled from another version of the document, please call our attention to them.
2026-04-23
18 Amanda Baber IANA Review state changed to IANA - Not OK from Version Changed - Review Needed
2026-04-22
18 Christopher Inacio [Ballot Position Update] New position, Yes, has been recorded for Christopher Inacio
2026-04-22
18 Jim Reid Assignment of request for Telechat review by DNSDIR to James Gannon was withdrawn
2026-04-22
18 Jim Reid Request for Telechat review by DNSDIR is assigned to Matt Brown
2026-04-22
18 Jim Reid Request for Telechat review by DNSDIR is assigned to James Gannon
2026-04-22
18 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-18.txt
2026-04-22
18 Göran Selander New version accepted (logged-in submitter: Göran Selander)
2026-04-22
18 Göran Selander Uploaded new revision
2026-04-15
17 David Dong IANA Experts State changed to Issues identified from Reviews assigned
2026-04-13
17 Christopher Inacio Telechat date has been changed to 2026-04-30 (Previous date was 2026-04-16)
2026-04-13
17 (System) Changed action holders to Christopher Inacio (IESG state changed)
2026-04-13
17 Christopher Inacio IESG state changed to IESG Evaluation - Defer from IESG Evaluation
2026-04-13
17 Corey Bonnell Request for Telechat review by SECDIR Completed: Has Nits. Reviewer: Corey Bonnell. Sent review to list.
2026-04-13
17 Jim Guichard [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard
2026-04-10
17 Andy Newton [Ballot Position Update] New position, No Objection, has been recorded for Andy Newton
2026-04-10
17 Éric Vyncke
[Ballot discuss]

# Éric Vyncke INT AD comments for draft-ietf-cose-cbor-encoded-cert-17
CC @evyncke

Thank you for the work put into this document.

Please find below some …
[Ballot discuss]

# Éric Vyncke INT AD comments for draft-ietf-cose-cbor-encoded-cert-17
CC @evyncke

Thank you for the work put into this document.

Please find below some blocking DISCUSS points, some non-blocking COMMENT points/nits (replies would be appreciated even if only for my own education).

Special thanks to Ivaylo Petrov for the shepherd's write-up including the WG consensus *BUT* it lacks the justification of the intended status.

Other thanks to Ted Lemon, the DNS directorate reviewer:
https://datatracker.ietf.org/doc/review-ietf-cose-cbor-encoded-cert-17-dnsdir-telechat-lemon-2026-03-30/ (and I have read the previous email threads with the authors)

I hope that this review helps to improve the document,

Regards,

-éric

Note: this ballot comments follow the Markdown syntax of https://github.com/mnot/ietf-comments/tree/main, i.e., they can be processed by a tool to create github issues.

## DISCUSS (blocking)

As noted in https://datatracker.ietf.org/doc/statement-iesg-handling-ballot-positions-20220121/, a DISCUSS ballot is a request to have a discussion on the points below; I really think that the document would be improved with a change here, but can be convinced otherwise.

### Section 3.3

About "IpAddrBlocks", the whole text is a little unclear to me to be honest, so I may have misread the specification BUT the text `It should be noted that using address differences for compactness prevents encoding an address range larger than 2**64 - 1 corresponding to the CBOR integer max value.` seems really a bad choice for IPv6 addresses as the usual prefix size if 64-bit long. I.e., the encoding cannot cope with 2001:db8::/63. There are no examples in the appendix about this encoding, and this does not help the reader.

Also very unclear to me (missing references and how to use): `IPAddressFamily = (AFI: uint, SAFI: uint / null, IPAddressChoice)`

The text `as specified in [I-D.ietf-lamps-macaddress-on]` makes the reference normative.
2026-04-10
17 Éric Vyncke
[Ballot comment]

## COMMENTS (non-blocking)

### Section 1

Please add a reference to `IEEE 802.1AR (DevID)`.

Also add references to `C509 is deployed in, e.g.,...`` …
[Ballot comment]

## COMMENTS (non-blocking)

### Section 1

Please add a reference to `IEEE 802.1AR (DevID)`.

Also add references to `C509 is deployed in, e.g.,...``

### Section 3.1.8 (and others)

What does `Not supported.` mean in this case ? Should the text be explicit and state that if this field exist in the X.509 then no C509 can be generated? (just to be clear)

### Section 3.3

About "Name Constraints" s/where the last octet indicates the number of bits in the *netmask*/where the last octet indicates the number of bits in the *prefix*/

About "IPAddrBlocks", just wondering why not using the 'number of used octets' as it is closer to the usual CIDR/IPv6 prefix notation in `Each AddressPrefix is encoded as a CBOR bytes string (without the unused bits octet) followed by the number of unused bits encoded as a CBOR uint` ?

`KeyIdentifier SHOULD be composed of the leftmost 160-bits of the SHA-256 hash of the CBOR encoded subjectPublicKey. Other methods of generating unique numbers can be used.` why a SHOULD as other methods can be used ? This sentence does not seem to follow https://datatracker.ietf.org/doc/statement-iesg-statement-on-clarifying-the-use-of-bcp-14-key-words/.

### Section 9

Suggest adding informative reference to the newly created IANA registries *AND* updated existing registries.

Somehow like Med Boucadair, I am puzzled by the last paragraph as it is confusing at the best while trying to paraphrase RFC 8126. Let's rather delete it.

### Section A.3.1

Please avoid using real FQDN (e.g., `sni.cloudflaressl.com`) in IETF documents, rather use "example.org"
2026-04-10
17 Éric Vyncke [Ballot Position Update] New position, Discuss, has been recorded for Éric Vyncke
2026-04-10
17 Mohamed Boucadair
[Ballot discuss]
Hi John, Göran, Shahid, Joel, and Martin,

Many thanks for the well-written document. Excellent work.

I have two points to check. I flagged …
[Ballot discuss]
Hi John, Göran, Shahid, Joel, and Martin,

Many thanks for the well-written document. Excellent work.

I have two points to check. I flagged some few nits and minor edits that I will send to the authors in a PR.

# IETF Review with Expert Review

CURRENT:
  All assignments according to "IETF Review with Expert Review" are made on a "IETF Review" basis per {{Section 4.8 of RFC8126}} with "Expert Review" additionally required per {{Section 4.5 of RFC8126}}.

and

the registration procedure is "IETF Review with Expert Review".

I remember that Carsten edited draft-bormann-gendispatch-with-expert-review, but do we have a stable reference where such policy is defined?

# The WG may be closed: not sure how this guidance will age

CURRENT:
  In addition, working group chairs are encouraged to consult the expert(s) early during the process outlined in Section 3.1 of {{RFC7120}}.
2026-04-10
17 Mohamed Boucadair
[Ballot comment]
# Is this already deployed there or these are deployment targets?

CURRENT:
  C509 is deployed in, e.g., in-vehicle and vehicle-to-cloud communication, Uncrewed …
[Ballot comment]
# Is this already deployed there or these are deployment targets?

CURRENT:
  C509 is deployed in, e.g., in-vehicle and vehicle-to-cloud communication, Uncrewed Aircraft Systems (UAS), and Global Navigation Satellite System (GNSS)

“is deployed” won’t age well in an RFC, btw.

# Please consider adding a reference

CURRENT :

  the CBOR encoding can in many cases reduce the size of  RFC7925 profiled certificates by over 50%.

# Any reason why this is repeated here?

CURRENT:
  The procedure for early IANA allocation of "standards track code points" defined in {{RFC7120}} also applies.

Cheers,
Med
2026-04-10
17 Mohamed Boucadair [Ballot Position Update] New position, Discuss, has been recorded for Mohamed Boucadair
2026-04-08
17 Gunter Van de Velde
[Ballot comment]
Many thanks for the write-up. Appreciated.

My observation is that while the shepherd writeup claims nothing noteworthy when running idnits, but when i …
[Ballot comment]
Many thanks for the write-up. Appreciated.

My observation is that while the shepherd writeup claims nothing noteworthy when running idnits, but when i run idnits (https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-cose-cbor-encoded-cert-17.txt) i end up with a long laundry list of observations. Maybe worthwhile to run through the list and explain why they are deemed not meaningful/relevant and add this context in the write-up?

One of those idnits observations is that there may only be v4 examples and no v6 examples?

G/
2026-04-08
17 Gunter Van de Velde [Ballot Position Update] New position, No Objection, has been recorded for Gunter Van de Velde
2026-03-30
17 Ted Lemon Request for Telechat review by DNSDIR Completed: Ready. Reviewer: Ted Lemon. Sent review to list.
2026-03-18
17 Liz Flynn Shepherding AD changed to Christopher Inacio
2026-03-11
17 David Dong
The EDHOC Authentication Credential Types, TLSA Selectors, and TLS Certificate Types registrations have been approved. Comments from the CoAP Content-Formats experts: I've reviewed the request. …
The EDHOC Authentication Credential Types, TLSA Selectors, and TLS Certificate Types registrations have been approved. Comments from the CoAP Content-Formats experts: I've reviewed the request. One thing that surprised me was the presence of an optional parameter "usage" without any explanation for some of the media types defined. Is this a copy/paste error maybe? Has there been a media-types review of these already? Note that for all the CoAP Content-Format requests that do include a "usage" parameter, the explanation is present! So this does not hamper the present registration request. If in Figure 20 the spaces in "usage = chain" and "usage = c509" could be removed, per RFC 9876 Section 4.1.4, and the new media types are approved, then this request can be approved.
2026-03-10
17 Tero Kivinen Request for Telechat review by SECDIR is assigned to Corey Bonnell
2026-03-07
17 Jim Reid Request for Telechat review by DNSDIR is assigned to Ted Lemon
2026-03-06
17 Morgan Condie Placed on agenda for telechat - 2026-04-16
2026-03-06
17 Paul Wouters Ballot has been issued
2026-03-06
17 Paul Wouters [Ballot Position Update] New position, Yes, has been recorded for Paul Wouters
2026-03-06
17 Paul Wouters Created "Approve" ballot
2026-03-06
17 Paul Wouters IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2026-03-06
17 Paul Wouters Ballot writeup was changed
2026-03-02
17 (System) Changed action holders to Paul Wouters (IESG state changed)
2026-03-02
17 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2026-03-02
17 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2026-03-02
17 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-17.txt
2026-03-02
17 (System) New version approved
2026-03-02
17 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2026-03-02
17 Göran Selander Uploaded new revision
2026-02-12
16 David Dong
The TLS Certificate Types registrations have been approved. Comments from the CoAP Content-Formats experts:

I've reviewed the request. One thing that surprised me was the …
The TLS Certificate Types registrations have been approved. Comments from the CoAP Content-Formats experts:

I've reviewed the request. One thing that surprised me was the presence
of an optional parameter "usage" without any explanation for some of the
media types defined.
Is this a copy/paste error maybe? Has there been a media-types review of
these already?

Note that for all the CoAP Content-Format requests that do include a
"usage" parameter, the explanation is present! So this does not hamper
the present registration request.

If in Figure 20 the spaces in  "usage = chain" and "usage = c509" could
be removed, per RFC 9876 Section 4.1.4, and the new media types are
approved, then this request can be approved.
2026-02-11
16 David Dong The TLS Certificate Types registrations have been approved.
2026-02-11
16 Paul Wouters
There were quite some comments during the IETF LC / Directorate reviews which is good, but does mean we will need another revision before I …
There were quite some comments during the IETF LC / Directorate reviews which is good, but does mean we will need another revision before I can bring this to the IESG Telechat.
2026-02-11
16 (System) Changed action holders to John Preuß Mattsson, Göran Selander, Shahid Raza, Joel Höglund, Martin Furuhed (IESG state changed)
2026-02-11
16 Paul Wouters IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2026-02-10
16 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2026-02-10
16 David Dong IANA Experts State changed to Reviews assigned
2026-02-09
16 David Dong
IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-cose-cbor-encoded-cert-16. If any part of this review is inaccurate, please let us know.

IANA has a question …
IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-cose-cbor-encoded-cert-16. If any part of this review is inaccurate, please let us know.

IANA has a question about one of the actions requested in the IANA Considerations section of this document.

IANA understands that, upon approval of this document, there are twenty actions which we must complete.

First, a new registry group is to be created on the IANA Matrix located at:

https://www.iana.org/protocols

with the name CBOR Encoded X.509 (C509) Parameters and a reference of [ RFC-to-be ].

Second, a new registry is to be created called the C509 Certificate Types registry. The new registry will be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65536 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value Description Reference
0 Reserved [ RFC-to-be ]
1 Reserved [ RFC-to-be ]
2 Natively Signed C509 Certificate [ RFC-to-be ]
3 CBOR Re-encoded X.509 v3 Certificate [ RFC-to-be ]

Third, a new registry is to be created called the C509 Certificate Request Types registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65536 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value Description Reference
0 Requested certificate is C509 Type 2. Natively Signed C509 Certificate Request. [ RFC-to-be ]
1 Requested certificate is C509 Type 2. CBOR re-encoding of RFC 2986 certification request. [ RFC-to-be ]
2 Requested certificate is C509 Type 3. Natively Signed C509 Certificate Request. [ RFC-to-be ]
3 Requested certificate is C509 Type 3. CBOR re-encoding of RFC 2986 certification request. [ RFC-to-be ]

Fourth, a new registry is to be created called the C509 Private Key Types registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65536 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value Private Key Types Reference
0 Comments: Asymmetric Key Package (RFC 5958) [ RFC-to-be ]
subjectPrivateKey: bytes
1 Comments: COSE Key Object (RFC 9052) [ RFC-to-be ]
subjectPrivateKey: COSE_Key

Fifth, a new registry is to be created called the C509 Certificate Request Templates Types registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65536 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There is an initial registration in the new registry as follows:

Value Description Reference
0 Simple C509 Certificate Request Template [ RFC-to-be ]

Sixth, a new registry is to be created called the C509 Attributes Types registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

0 - 23: IETF Review with Expert Review
24 - 32767: Expert Review
32768 - 65535: Private Use

There are initial registrations in the new registry as follows:

Value Attribute Reference

0 Name: Email Address [ RFC-to-be ]
Identifiers: emailAddress, e-mailAddress
OID: 1.2.840.113549.1.9.1
DER: 06 09 2A 86 48 86 F7 0D 01 09 01
Comments:

1 Name: Common Name [ RFC-to-be ]
Identifiers: commonName, cn
OID: 2.5.4.3
DER: 06 03 55 04 03
Comments:

2 Name: Surname [ RFC-to-be ]
Identifiers: surname, sn
OID: 2.5.4.4
DER: 06 03 55 04 04
Comments:

3 Name: Serial Number [ RFC-to-be ]
Identifiers: serialNumber
OID: 2.5.4.5
DER: 06 03 55 04 05
Comments:

4 Name: Country [ RFC-to-be ]
Identifiers: countryName, c
OID: 2.5.4.6
DER: 06 03 55 04 06
Comments:

5 Name: Locality [ RFC-to-be ]
Identifiers: localityName, locality, l
OID: 2.5.4.7
DER: 06 03 55 04 07
Comments:

6 Name: State or Province [ RFC-to-be ]
Identifiers: stateOrProvinceName, st
OID: 2.5.4.8
DER: 06 03 55 04 08
Comments:

7 Name: Street Address [ RFC-to-be ]
Identifiers: streetAddress, street
OID: 2.5.4.9
DER: 06 03 55 04 09
Comments:

8 Name: Organization [ RFC-to-be ]
Identifiers: organizationName, o
OID: 2.5.4.10
DER: 06 03 55 04 0A
Comments:

9 Name: Organizational Unit [ RFC-to-be ]
Identifiers: organizationalUnitName, ou
OID: 2.5.4.11
DER: 06 03 55 04 0B
Comments:

10 Name: Title [ RFC-to-be ]
Identifiers: title
OID: 2.5.4.12
DER: 06 03 55 04 0C
Comments:

11 Name: Business Category [ RFC-to-be ]
Identifiers: businessCategory
OID: 2.5.4.15
DER: 06 03 55 04 0F
Comments:

12 Name: Postal Code [ RFC-to-be ]
Identifiers: postalCode
OID: 2.5.4.17
DER: 06 03 55 04 11
Comments:

13 Name: Given Name [ RFC-to-be ]
Identifiers: givenName
OID: 2.5.4.42
DER: 06 03 55 04 2A
Comments:

14 Name: Initials [ RFC-to-be ]
Identifiers: initials
OID: 2.5.4.43
DER: 06 03 55 04 2B
Comments:

15 Name: Generation Qualifier [ RFC-to-be ]
Identifiers: generationQualifier
OID: 2.5.4.44
DER: 06 03 55 04 2C
Comments:

16 Name: DN Qualifier [ RFC-to-be ]
Identifiers: dnQualifier
OID: 2.5.4.46
DER: 06 03 55 04 2E
Comments:

17 Name: Pseudonym [ RFC-to-be ]
Identifiers: pseudonym
OID: 2.5.4.65
DER: 06 03 55 04 41
Comments:

18 Name: Organization Identifier [ RFC-to-be ]
Identifiers: organizationIdentifier
OID: 2.5.4.97
DER: 06 03 55 04 61
Comments:

19 Name: Inc. Locality [ RFC-to-be ]
Identifiers: jurisdictionOfIncorporationLocalityName
OID: 1.3.6.1.4.1.311.60.2.1.1
DER: 06 0B 2B 06 01 04 01 82 37 3C 02 01 01
Comments:

20 Name: Inc. State or Province [ RFC-to-be ]
Identifiers: jurisdictionOfIncorporationStateOrProvinceName
OID: 1.3.6.1.4.1.311.60.2.1.2
DER: 06 0B 2B 06 01 04 01 82 37 3C 02 01 02
Comments:

21 Name: Inc. Country [ RFC-to-be ]
Identifiers: jurisdictionOfIncorporationCountryName
OID: 1.3.6.1.4.1.311.60.2.1.3
DER: 06 0B 2B 06 01 04 01 82 37 3C 02 01 03
Comments:

22 Name: Domain Component [ RFC-to-be ]
Identifiers: domainComponent, dc
OID: 0.9.2342.19200300.100.1.25
DER: 06 0A 09 92 26 89 93 F2 2C 64 01 19
Comments:

25 Name: Name [ RFC-to-be ]
Identifiers: name
OID: 2.5.4.41
DER: 06 03 55 04 29
Comments:

26 Name: Telephone Number [ RFC-to-be ]
Identifiers: telephoneNumber
OID: 2.5.4.20
DER: 06 03 55 04 14
Comments:

27 Name: Directory Management Domain Name [ RFC-to-be ]
Identifiers: dmdName
OID: 2.5.4.54
DER: 06 03 55 04 36
Comments:

28 Name: userid [ RFC-to-be ]
Identifiers: uid
OID: 0.9.2342.19200300.100.1.1
DER: 06 0A 09 92 26 89 93 F2 2C 64 01 01
Comments:

29 Name: Unstructured Name [ RFC-to-be ]
Identifiers: unstructuredName
OID: 1.2.840.113549.1.9.2
DER: 06 09 2A 86 48 86 F7 0D 01 09 02
Comments:

30 Name: Unstructured Address [ RFC-to-be ]
Identifiers: unstructuredAddress
OID: 1.2.840.113549.1.9.8
DER: 06 0A 2A 86 48 86 F7 0D 01 09 08 00

Seventh, a new registry is to be created called the C509 Extensions registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

0 - 23: IETF Review with Expert Review
24 - 32767: Expert Review
32768 - 65535: Private Use

There are initial registrations in the new registry as follows:

Value Extension Reference
1 Name: Subject Key Identifier [ RFC-to-be ]
Identifiers: subjectKeyIdentifier
OID: 2.5.29.14
DER: 06 03 55 1D 0E
Comments:
extensionValue: SubjectKeyIdentifier

2 Name: Key Usage [ RFC-to-be ]
Identifiers: keyUsage
OID: 2.5.29.15
DER: 06 03 55 1D 0F
Comments:
AttributeValue: KeyUsage

3 Name: Subject Alternative Name [ RFC-to-be ]
Identifiers: subjectAltName
OID: 2.5.29.17
DER: 06 03 55 1D 11
Comments:
extensionValue: SubjectAltName

4 Name: Basic Constraints [ RFC-to-be ]
Identifiers: basicConstraints
OID: 2.5.29.19
DER: 06 03 55 1D 13
Comments:
extensionValue: BasicConstraints

5 Name: CRL Distribution Points [ RFC-to-be ]
Identifiers: cRLDistributionPoints
OID: 2.5.29.31
DER: 06 03 55 1D 1F
Comments:
extensionValue: CRLDistributionPoints

6 Name: Certificate Policies [ RFC-to-be ]
Identifiers: certificatePolicies
OID: 2.5.29.32
DER: 06 03 55 1D 20
Comments:
extensionValue: CertificatePolicies

7 Name: Authority Key Identifier [ RFC-to-be ]
Identifiers: authorityKeyIdentifier
OID: 2.5.29.35
DER: 06 03 55 1D 23
Comments:
extensionValue: AuthorityKeyIdentifier

8 Name: Extended Key Usage [ RFC-to-be ]
Identifiers: extKeyUsage
OID: 2.5.29.37
DER: 06 03 55 1D 25
Comments:
extensionValue: ExtKeyUsageSyntax

9 Name: Authority Information Access [ RFC-to-be ]
Identifiers: authorityInfoAccess
OID: 1.3.6.1.5.5.7.1.1
DER: 06 08 2B 06 01 05 05 07 01 01
Comments:
extensionValue: AuthorityInfoAccessSyntax

10 Name: Signed Certificate Timestamp List [ RFC-to-be ]
Identifiers:
OID: 1.3.6.1.4.1.11129.2.4.2
DER: 06 0A 2B 06 01 04 01 D6 79 02 04 02
Comments:
extensionValue: SignedCertificateTimestamps

24 Name: Subject Directory Attributes [ RFC-to-be ]
Identifiers: subjectDirectoryAttributes
OID: 2.5.29.9
DER: 06 03 55 1D 09
Comments:
extensionValue: SubjectDirectoryAttributes

25 Name: Issuer Alternative Name [ RFC-to-be ]
Identifiers: issuerAltName
OID: 2.5.29.18
DER: 06 03 55 1D 12
Comments:
extensionValue: IssuerAltName

26 Name: Name Constraints [ RFC-to-be ]
Identifiers: nameConstraints
OID: 2.5.29.30
DER: 06 03 55 1D 1E
Comments:
extensionValue: NameConstraints

27 Name: Policy Mappings [ RFC-to-be ]
Identifiers: policyMappings
OID: 2.5.29.33
DER: 06 03 55 1D 21
Comments:
extensionValue: PolicyMappings

28 Name: Policy Constraints [ RFC-to-be ]
Identifiers: policyConstraints
OID: 2.5.29.36
DER: 06 03 55 1D 24
Comments:
extensionValue: PolicyConstraints

29 Name: Freshest CRL [ RFC-to-be ]
Identifiers: freshestCRL
OID: 2.5.29.46
DER: 06 03 55 1D 2E
Comments:
extensionValue: FreshestCRL

30 Name: Inhibit anyPolicy [ RFC-to-be ]
Identifiers: inhibitAnyPolicy
OID: 2.5.29.54
DER: 06 03 55 1D 36
Comments:
extensionValue: InhibitAnyPolicy

31 Name: Subject Information Access [ RFC-to-be ]
Identifiers: subjectInfoAccess
OID: 1.3.6.1.5.5.7.1.11
DER: 06 08 2B 06 01 05 05 07 01 0B
Comments:
extensionValue: SubjectInfoAccessSyntax

32 Name: IP Resources [ RFC-to-be ]
Identifiers: id-pe-ipAddrBlocks
OID: 1.3.6.1.5.5.7.1.7
DER: 06 08 2B 06 01 05 05 07 01 07
Comments:
extensionValue: IPAddrBlocks

33 Name: AS Resources [ RFC-to-be ]
Identifiers: id-pe-autonomousSysIds
OID: 1.3.6.1.5.5.7.1.8
DER: 06 08 2B 06 01 05 05 07 01 08
Comments:
extensionValue: ASIdentifiers

34 Name: IP Resources v2 [ RFC-to-be ]
Identifiers: id-pe-ipAddrBlocks-v2
OID: 1.3.6.1.5.5.7.1.28
DER: 06 08 2B 06 01 05 05 07 01 1C
Comments:
extensionValue: IPAddrBlocks

35 Name: AS Resources v2 [ RFC-to-be ]
Identifiers: id-pe-autonomousSysIds-v2
OID: 1.3.6.1.5.5.7.1.29
DER: 06 08 2B 06 01 05 05 07 01 1D
Comments:
extensionValue: ASIdentifiers

36 Name: OCSP No Check [ RFC-to-be ]
Identifiers: id-pkix-ocsp-nocheck
OID: 1.3.6.1.5.5.7.48.1.5
DER: 06 09 2B 06 01 05 05 07 30 01 05
Comments:
extensionValue: null

37 Name: Precertificate Signing Certificate [ RFC-to-be ]
Identifiers:
OID: 1.3.6.1.4.1.11129.2.4.3
DER: 06 0A 2B 06 01 04 01 D6 79 02 04 03
Comments: RFC 6962
extensionValue: null

38 Name: TLS Features [ RFC-to-be ]
Identifiers: id-pe-tlsfeature
OID: 1.3.6.1.5.5.7.1.24
DER: 06 08 2B 06 01 05 05 07 01 18
Comments: RFC 7633
extensionValue: TLSFeatures

255 Name: Challenge Password [ RFC-to-be ]
Identifiers: challengePassword
OID: 1.2.840.113549.1.9.7
DER: 06 09 2A 86 48 86 F7 0D 01 09 07
Comments: Certificate Request Attributes
extensionValue: ChallengePassword

Eighth, a new registry is to be created called the C509 Certificate Policies registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 32767: Expert Review
32768 - 65535: Private Use

There are initial registrations in the new registry as follows:

Value Certificate Policy Reference
0 Name: Any Policy [ RFC-to-be ]
Identifiers: anyPolicy
OID: 2.5.29.32.0
DER: 06 04 55 1D 20 00
Comments:

1 Name: Domain Validation (DV) [ RFC-to-be ]
Identifiers: domain-validated
OID: 2.23.140.1.2.1
DER: 06 06 67 81 0C 01 02 01
Comments:

2 Name: Organization Validation (OV) [ RFC-to-be ]
Identifiers: organization-validated
OID: 2.23.140.1.2.2
DER: 06 06 67 81 0C 01 02 02
Comments:

3 Name: Individual Validation (IV) [ RFC-to-be ]
Identifiers: individual-validated
OID: 2.23.140.1.2.3
DER: 06 06 67 81 0C 01 02 03
Comments:

4 Name: Extended Validation (EV) [ RFC-to-be ]
Identifiers: ev-guidelines
OID: 2.23.140.1.1
DER: 06 05 67 81 0C 01 01
Comments:

7 Name: Resource PKI (RPKI) [ RFC-to-be ]
Identifiers: id-cp-ipAddr-asNumber
OID: 1.3.6.1.5.5.7.14.2
DER: 06 08 2B 06 01 05 05 07 0E 02
Comments:

8 Name: Resource PKI (RPKI) (Alternative) [ RFC-to-be ]
Identifiers: id-cp-ipAddr-asNumber-v2
OID: 1.3.6.1.5.5.7.14.3
DER: 06 08 2B 06 01 05 05 07 0E 03
Comments:

10 Name: Remote SIM Provisioning Role Certificate Issuer [ RFC-to-be ]
Identifiers: id-rspRole-ci
OID: 2.23.146.1.2.1.0
DER: 06 07 67 81 12 01 02 01 00
Comments:

11 Name: Remote SIM Provisioning Role eUICC [ RFC-to-be ]
Identifiers: id-rspRole-euicc
OID: 2.23.146.1.2.1.1
DER: 06 07 67 81 12 01 02 01 01
Comments:

12 Name: Remote SIM Provisioning Role eUICC Manufacturer [ RFC-to-be ]
Identifiers: id-rspRole-eum
OID: 2.23.146.1.2.1.2
DER: 06 07 67 81 12 01 02 01 02
Comments:

13 Name: Remote SIM Provisioning Role SM-DP+ TLS [ RFC-to-be ]
Identifiers: id-rspRole-dp-tls
OID: 2.23.146.1.2.1.3
DER: 06 07 67 81 12 01 02 01 03
Comments:

14 Name: Remote SIM Provisioning Role SM-DP+ Authentication [ RFC-to-be ]
Identifiers: id-rspRole-dp-auth
OID: 2.23.146.1.2.1.4
DER: 06 07 67 81 12 01 02 01 04
Comments:

15 Name: Remote SIM Provisioning Role SM-DP+ Profile Binding [ RFC-to-be ]
Identifiers: id-rspRole-dp-pb
OID: 2.23.146.1.2.1.5
DER: 06 07 67 81 12 01 02 01 05
Comments:

16 Name: Remote SIM Provisioning Role SM-DS TLS [ RFC-to-be ]
Identifiers: id-rspRole-ds-tls
OID: 2.23.146.1.2.1.6
DER: 06 07 67 81 12 01 02 01 06
Comments:

17 Name: Remote SIM Provisioning Role SM-DS Authentication [ RFC-to-be ]
Identifiers: id-rspRole-ds-auth
OID: 2.23.146.1.2.1.7
DER: 06 07 67 81 12 01 02 01 07
Comments:

Ninth, a new registry is to be created called the C509 Policies Qualifiers registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 32767: Expert Review
32768 - 65535: Private Use

There are initial registrations in the new registry as follows:

Value Certificate Policy Reference
1 Name: Certification Practice Statement [ RFC-to-be ]
Identifiers: id-qt-cps, cps
OID: 1.3.6.1.5.5.7.2.1
DER: 06 08 2B 06 01 05 05 07 02 01
Comments:

2 Name: User Notice [ RFC-to-be ]
Identifiers: id-qt-unotice, unotice
OID: 1.3.6.1.5.5.7.2.2
DER: 06 08 2B 06 01 05 05 07 02 02

Tenth, a new registry is to be created called the C509 Information Access registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value Information Access Reference
1 Name: OCSP [ RFC-to-be ]
Identifiers: id-ad-ocsp, id-pkix-ocsp
OID: 1.3.6.1.5.5.7.48.1
DER: 06 08 2B 06 01 05 05 07 30 01
Comments:

2 Name: CA Issuers [ RFC-to-be ]
Identifiers: id-ad-caIssuers, caIssuers
OID: 1.3.6.1.5.5.7.48.2
DER: 06 08 2B 06 01 05 05 07 30 02
Comments:

3 Name: Time Stamping [ RFC-to-be ]
Identifiers: id-ad-timeStamping, timeStamping
OID: 1.3.6.1.5.5.7.48.3
DER: 06 08 2B 06 01 05 05 07 30 03
Comments:

5 Name: CA Repository [ RFC-to-be ]
Identifiers: id-ad-caRepository
OID: 1.3.6.1.5.5.7.48.5
DER: 06 08 2B 06 01 05 05 07 30 05
Comments:

10 Name: RPKI Manifest [ RFC-to-be ]
Identifiers: id-ad-rpkiManifest
OID: 1.3.6.1.5.5.7.48.10
DER: 06 08 2B 06 01 05 05 07 30 0A
Comments: RFC 6487

11 Name: Signed Object [ RFC-to-be ]
Identifiers: id-ad-signedObject
OID: 1.3.6.1.5.5.7.48.11
DER: 06 08 2B 06 01 05 05 07 30 0B
Comments: RFC 6487

13 Name: RPKI Notify [ RFC-to-be ]
Identifiers: id-ad-rpkiNotify
OID: 1.3.6.1.5.5.7.48.13
DER: 06 08 2B 06 01 05 05 07 30 0D
Comments: RFC 8182

Eleventh, a new registry is to be created called the C509 Extended Key Usages registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 32767: Expert Review
32768 - 65535: Private Use

There are initial registrations in the new registry as follows:

Value Extended Key Usage Reference
0 Name: Any Extended Key Usage [ RFC-to-be ]
Identifiers: anyExtendedKeyUsage
OID: 2.5.29.37.0
DER: 06 04 55 1D 25 00
Comments: RFC 5280

1 Name: TLS Server authentication [ RFC-to-be ]
Identifiers: id-kp-serverAuth
OID: 1.3.6.1.5.5.7.3.1
DER: 06 08 2B 06 01 05 05 07 03 01
Comments: RFC 5280

2 Name: TLS Client Authentication [ RFC-to-be ]
Identifiers: id-kp-clientAuth
OID: 1.3.6.1.5.5.7.3.2
DER: 06 08 2B 06 01 05 05 07 03 02
Comments: RFC 5280

3 Name: Code Signing [ RFC-to-be ]
Identifiers: id-kp-codeSigning
OID: 1.3.6.1.5.5.7.3.3
DER: 06 08 2B 06 01 05 05 07 03 03
Comments: RFC 5280

4 Name: Email protection (S/MIME) [ RFC-to-be ]
Identifiers: id-kp-emailProtection
OID: 1.3.6.1.5.5.7.3.4
DER: 06 08 2B 06 01 05 05 07 03 04
Comments: RFC 5280

8 Name: Time Stamping
Identifiers: id-kp-timeStamping, timestamping [ RFC-to-be ]
OID: 1.3.6.1.5.5.7.3.8
DER: 06 08 2B 06 01 05 05 07 03 08
Comments:

9 Name: OCSP Signing [ RFC-to-be ]
Identifiers: id-kp-OCSPSigning
OID: 1.3.6.1.5.5.7.3.9
DER: 06 08 2B 06 01 05 05 07 03 09
Comments: RFC 5280

10 Name: Kerberos PKINIT Client Auth [ RFC-to-be ]
Identifiers: id-pkinit-KPClientAuth
OID: 1.3.6.1.5.2.3.4
DER: 06 07 2B 06 01 05 02 03 04
Comments: RFC 4556

11 Name: Kerberos PKINIT KDC [ RFC-to-be ]
Identifiers: id-pkinit-KPKdc
OID: 1.3.6.1.5.2.3.5
DER: 06 07 2B 06 01 05 02 03 05
Comments: RFC 4556

12 Name: SSH Client [ RFC-to-be ]
Identifiers: id-kp-secureShellClient
OID: 1.3.6.1.5.5.7.3.21
DER: 06 08 2B 06 01 05 05 07 03 15
Comments: RFC 6187

13 Name: SSH Server [ RFC-to-be ]
Identifiers: id-kp-secureShellServer
OID: 1.3.6.1.5.5.7.3.22
DER: 06 08 2B 06 01 05 05 07 03 16
Comments: RFC 6187

14 Name: Bundle Security [ RFC-to-be ]
Identifiers: id-kp-bundleSecurity
OID: 1.3.6.1.5.5.7.3.35
DER: 06 08 2B 06 01 05 05 07 03 23
Comments: RFC 9174

15 Name: CMC Certification Authority [ RFC-to-be ]
Identifiers: id-kp-cmcCA
OID: 1.3.6.1.5.5.7.3.27
DER: 06 08 2B 06 01 05 05 07 03 1B
Comments: RFC 6402

16 Name: CMC Registration Authority [ RFC-to-be ]
Identifiers: id-kp-cmcRA
OID: 1.3.6.1.5.5.7.3.28
DER: 06 08 2B 06 01 05 05 07 03 1C
Comments: RFC 6402

17 Name: CMC Archive Server [ RFC-to-be ]
Identifiers: id-kp-cmcArchive
OID: 1.3.6.1.5.5.7.3.29
DER: 06 08 2B 06 01 05 05 07 03 1D
Comments: RFC 6402

18 Name: CMC Key Generation Authority [ RFC-to-be ]
Identifiers: id-kp-cmKGA
OID: 1.3.6.1.5.5.7.3.32
DER: 06 08 2B 06 01 05 05 07 03 20
Comments: RFC 9480

19 Name: Certificate Transparency [ RFC-to-be ]
Identifiers:
OID: 1.3.6.1.4.1.11129.2.4.4
DER: 06 0A 2B 06 01 04 01 D6 79 02 04 04
Comments: RFC 6962

Twelvth, a new registry is to be created called the C509 General Names registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value General Names Reference
-2 Name: otherName with SmtpUTF8Mailbox [ RFC-to-be ]
Comments: id-on-SmtpUTF8Mailbox
(1.3.6.1.5.5.7.8.9)
06 08 2B 06 01 05 05 07 08 09
Value: text

-1 Name: otherName with hardwareModuleName [ RFC-to-be ]
Comments: id-on-hardwareModuleName
(1.3.6.1.5.5.7.8.4)
06 08 2B 06 01 05 05 07 08 04
Value: [ ~oid, bytes ]

0 Name: otherName [ RFC-to-be ]
Comments:
Value: [ ~oid, bytes ]

1 Name: rfc822Name [ RFC-to-be ]
Comments:
Value: text

2 Name: dNSName [ RFC-to-be ]
Comments:
Value: text

4 Name: directoryName [ RFC-to-be ]
Comments:
Value: Name

6 Name: uniformResourceIdentifier [ RFC-to-be ]
Comments:
Value: text

7 Name: iPAddress [ RFC-to-be ]
Comments:
Value: bytes

8 Name: registeredID [ RFC-to-be ]
Comments:
Value: ~oid

Thirteenth, a new registry is to be created called the C509 Signature Algorithms registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

There are initial registrations in the new registry as follows:

Value X.509 Signature Algorithms Reference
-256 Name: RSASSA-PKCS1-v1_5 with SHA-1 [ RFC-to-be ]
Identifiers: sha1-with-rsa-signature, sha1WithRSAEncryption, sha-1WithRSAEncryption
OID: 1.2.840.113549.1.1.5
Parameters: NULL
DER: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00
Comments: Don't use

-255 Name: ECDSA with SHA-1 [ RFC-to-be ]
Identifiers: ecdsa-with-SHA1
OID: 1.2.840.10045.4.1
Parameters: Absent
DER: 30 09 06 07 2A 86 48 CE 3D 04 01
Comments: Don't use. Compressed signature value

0 Name: ECDSA with SHA-256 [ RFC-to-be ]
Identifiers: ecdsa-with-SHA256
OID: 1.2.840.10045.4.3.2
Parameters: Absent
DER: 30 0A 06 08 2A 86 48 CE 3D 04 03 02
Comments: Compressed signature value

1 Name: ECDSA with SHA-384 [ RFC-to-be ]
Identifiers: ecdsa-with-SHA384
OID: 1.2.840.10045.4.3.3
Parameters: Absent
DER: 30 0A 06 08 2A 86 48 CE 3D 04 03 03
Comments: Compressed signature value

2 Name: ECDSA with SHA-512 [ RFC-to-be ]
Identifiers: ecdsa-with-SHA512
OID: 1.2.840.10045.4.3.4
Parameters: Absent
DER: 30 0A 06 08 2A 86 48 CE 3D 04 03 04
Comments: Compressed signature value

3 Name: ECDSA with SHAKE128 [ RFC-to-be ]
Identifiers: id-ecdsa-with-shake128
OID: 1.3.6.1.5.5.7.6.32
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 20
Comments: Compressed signature value

4 Name: ECDSA with SHAKE256 [ RFC-to-be ]
Identifiers: id-ecdsa-with-shake256
OID: 1.3.6.1.5.5.7.6.33
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 21
Comments: Compressed signature value

12 Name: Ed25519 [ RFC-to-be ]
Identifiers: id-Ed25519, id-EdDSA25519
OID: 1.3.101.112
Parameters: Absent
DER: 30 05 06 03 2B 65 70
Comments:

13 Name: Ed448 [ RFC-to-be ]
Identifiers: id-Ed448, id-EdDSA448
OID: 1.3.101.113
Parameters: Absent
DER: 30 05 06 03 2B 65 71
Comments:

14 Name: PoP with SHA-256 and HMAC-SHA256 [ RFC-to-be ]
Identifiers: sa-ecdhPop-sha256-hmac-sha256
OID: 1.3.6.1.5.5.7.6.26
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 1A
Comments: Proof-of-possession algorithm, indexed with KDF and MAC, see RFC 6955. Requires recipient's public static Diffie-Hellman key

15 Name: PoP with SHA-384 and HMAC-SHA384 [ RFC-to-be ]
Identifiers: sa-ecdhPop-sha384-hmac-sha384
OID: 1.3.6.1.5.5.7.6.27
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 1B
Comments: Proof-of-possession algorithm, indexed with KDF and MAC, see RFC 6955. Requires recipient's public static Diffie-Hellman key

16 Name: PoP with SHA-512 and HMAC-SHA512 [ RFC-to-be ]
Identifiers: sa-ecdhPop-sha512-hmac-sha512
OID: 1.3.6.1.5.5.7.6.28
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 1C
Comments: Proof-of-possession algorithm, indexed with KDF and MAC, see RFC 6955. Requires recipient's public static Diffie-Hellman key

23 Name: RSASSA-PKCS1-v1_5 with SHA-256 [ RFC-to-be ]
Identifiers: sha256WithRSAEncryption
OID: 1.2.840.113549.1.1.11
Parameters: NULL
DER: 30 0B 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00
Comments:

24 Name: RSASSA-PKCS1-v1_5 with SHA-384 [ RFC-to-be ]
Identifiers: sha384WithRSAEncryption
OID: 1.2.840.113549.1.1.12
Parameters: NULL
DER: 30 0B 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00
Comments:

25 Name: RSASSA-PKCS1-v1_5 with SHA-512 [ RFC-to-be ]
Identifiers: sha512WithRSAEncryption
OID: 1.2.840.113549.1.1.13
Parameters: NULL
DER: 30 0B 06 09 2A 86 48 86 F7 0D 01 01 0D 05 00
Comments:

26 Name: RSASSA-PSS with SHA-256 [ RFC-to-be ]
Identifiers: rsassa-pss, id-RSASSA-PSS
OID: 1.2.840.113549.1.1.10
Parameters: SHA-256, MGF-1 with SHA-256, saltLength = 32
DER: 30 41 06 09 2A 86 48 86 F7 0D 01 01 0A 30 34 A0 0F 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 A1 1C 30 1A 06 09 2A 86 48 86 F7 0D 01 01 08 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 a2 03 02 01 20
Comments:

27 Name: RSASSA-PSS with SHA-384 [ RFC-to-be ]
Identifiers: rsassa-pss, id-RSASSA-PSS
OID: 1.2.840.113549.1.1.10
Parameters: SHA-384, MGF-1 with SHA-384, saltLength = 48
DER: 30 41 06 09 2A 86 48 86 F7 0D 01 01 0A 30 34 A0 0F 30 0D 06 09 60 86 48 01 65 03 04 02 02 05 00 A1 1C 30 1A 06 09 2A 86 48 86 F7 0D 01 01 08 30 0D 06 09 60 86 48 01 65 03 04 02 02 05 00 A2 03 02 01 30
Comments:

28 Name: RSASSA-PSS with SHA-512 [ RFC-to-be ]
Identifiers: rsassa-pss, id-RSASSA-PSS
OID: 1.2.840.113549.1.1.10
Parameters: SHA-512, MGF-1 with SHA-512, saltLength = 64
DER: 30 41 06 09 2A 86 48 86 F7 0D 01 01 0A 30 34 A0 0F 30 0D 06 09 60 86 48 01 65 03 04 02 03 05 00 A1 1C 30 1A 06 09 2A 86 48 86 F7 0D 01 01 08 30 0D 06 09 60 86 48 01 65 03 04 02 03 05 00 A2 03 02 01 40
Comments:

29 Name: RSASSA-PSS with SHAKE128 [ RFC-to-be ]
Identifiers: id-RSASSA-PSS-SHAKE128
OID: 1.3.6.1.5.5.7.6.30
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 1E
Comments:

30 Name: RSASSA-PSS with SHAKE256 [ RFC-to-be ]
Identifiers: id-RSASSA-PSS-SHAKE256
OID: 1.3.6.1.5.5.7.6.31
Parameters: Absent
DER: 30 0A 06 08 2B 06 01 05 05 07 06 1F
Comments:

45 Name: SM2 with SM3 [ RFC-to-be ]
Identifiers: sm2-with-sm3
OID: 1.2.156.10197.1.501
Parameters: Absent
DER: 30 0A 06 08 2A 81 1C CF 55 01 83 75
Comments: Compressed signature value

Fourteenth, a new registry is to be created called the C509 Public Key Algorithms registry. The new registry will also be located in the registry group called CBOR Encoded X.509 (C509) Parameters and created in the first IANA action documented above. The registration rules for the new registry are:

-65535 - -25: Expert Review
-24 - 23: IETF Review with Expert Review
24 - 65535: Expert Review

IANA Question --> Is the note in section 9.13.1 intended to be a note in the registry, or is it sufficient to have this text available to the reader of the published RFC?

There are initial registrations in the new registry as follows:

Value X.509 Public Key Algorithms Reference
0 Name: RSA [ RFC-to-be ]
Identifiers: rsaEncryption
OID: 1.2.840.113549.1.1.1
Parameters: NULL
DER: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00
Comments: Compressed subjectPublicKey

1 Name: EC Public Key (Weierstrafl) with secp256r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = secp256r1 (1.2.840.10045.3.1.7)
DER: 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07
Comments: Compressed subjectPublicKey Also known as P-256, ansip256r1, prime256v1

2 Name: EC Public Key (Weierstrafl) with secp384r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = secp384r1 (1.3.132.0.34)
DER: 30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 22
Comments: Compressed subjectPublicKey Also known as P-384, ansip384r1

3 Name: EC Public Key (Weierstrafl) with secp521r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = secp521r1 (1.3.132.0.35)
DER: 30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 23
Comments: Compressed subjectPublicKey Also known as P-521, ansip521r1

8 Name: X25519 (Montgomery) [ RFC-to-be ]
Identifiers: id-X25519
OID: 1.3.101.110
Parameters: Absent
DER: 30 05 06 03 2B 65 6E
Comments:

9 Name: X448 (Montgomery) [ RFC-to-be ]
Identifiers: id-X448
OID: 1.3.101.111
Parameters: Absent
DER: 30 05 06 03 2B 65 6F
Comments:

10 Name: Ed25519 (Twisted Edwards) [ RFC-to-be ]
Identifiers: id-Ed25519, id-EdDSA25519
OID: 1.3.101.112
Parameters: Absent
DER: 30 05 06 03 2B 65 70
Comments:

11 Name: Ed448 (Edwards) [ RFC-to-be ]
Identifiers: id-Ed448, id-EdDSA448
OID: 1.3.101.113
Parameters: Absent
DER: 30 05 06 03 2B 65 71
Comments:

24 Name: EC Public Key (Weierstrafl) with brainpoolP256r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = brainpoolP256r1 (1.3.36.3.3.2.8.1.1.7)
DER: 30 14 06 07 2A 86 48 CE 3D 02 01 06 09 2B 24 03 03 02 08 01 01 07
Comments: Compressed subjectPublicKey

25 Name: EC Public Key (Weierstrafl) with brainpoolP384r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = brainpoolP384r1 (1.3.36.3.3.2.8.1.1.11)
DER: 30 14 06 07 2A 86 48 CE 3D 02 01 06 09 2B 24 03 03 02 08 01 01 0B
Comments: Compressed subjectPublicKey

26 Name: EC Public Key (Weierstrafl) with brainpoolP512r1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = brainpoolP512r1 (1.3.36.3.3.2.8.1.1.13)
DER: 30 14 06 07 2A 86 48 CE 3D 02 01 06 09 2B 24 03 03 02 08 01 01 0D
Comments: Compressed subjectPublicKey

27 Name: EC Public Key (Weierstrafl) with FRP256v1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = FRP256v1 (1.2.250.1.223.101.256.1)
DER: 30 15 06 07 2A 86 48 CE 3D 02 01 06 0A 2A 81 7A 01 81 5F 65 82 00 01
Comments: Compressed subjectPublicKey

28 Name: EC Public Key (Weierstrafl) with sm2p256v1 [ RFC-to-be ]
Identifiers: ecPublicKey, id-ecPublicKey
OID: 1.2.840.10045.2.1
Parameters: namedCurve = sm2p256v1 (1.2.156.10197.1.301)
DER: 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 81 1C CF 55 01 82 2D
Comments: Compressed subjectPublicKey

Fifteenth, in the COSE Header Parameters registry in the CBOR Object Signing and Encryption (COSE) registry group located at:

https://www.iana.org/assignments/cose/

four early allocations will be made permanent and their references changed to [ RFC-to-be ] as follows:

Name: c5b
Label: 24
Value Type: COSE_C509
Value Registry:
Description: An unordered bag of C509 certificates
Reference: [ RFC-to-be ]

Name: c5c
Label: 25
Value Type: COSE_C509
Value Registry:
Description: An ordered chain of C509 certificates
Reference: [ RFC-to-be ]

Name: c5t
Label: 22
Value Type: COSE_CertHash
Value Registry:
Description: Hash of a ~C509Certificate
Reference: [ RFC-to-be ]

Name: c5u
Label: 23
Value Type: url
Value Registry:
Description: URI pointing to a COSE_C509 containing an ordered chain of certificates
Reference: [ RFC-to-be ]

Sixteenth, in the application namespace of the Media Type registry located at:

https://www.iana.org/assignments/media-types/

six new media types are to be registered as follows:

Name: cose-c509-cert
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Name: cose-c509-pkcs10
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Name: cose-c509-crtemplate
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Name: cose-c509-privkey
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Name: cose-c509-pem
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Name: cose-certhash
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Seventeenth, in the CoAP Content-Formats registry in the Constrained RESTful Environments (CoRE) Parameters registry group located at:

https://www.iana.org/assignments/core-parameters/

eight new Content-Formats will be added to the registry as follows:

Content-Format: application/cose-c509-cert
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-c509-cert ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-c509-cert usage = chain
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-c509-cert ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-c509-pkcs10
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-c509-pkcs10 ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-c509-crtemplate
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-c509-crtemplate ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-c509-privkey
Content Coding:
Media Type:
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-c509-pem
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-c509-pem ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-certhash
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-certhash ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Content-Format: application/cose-certhash usage = C509
Content Coding:
Media Type: [[ link-to-media-type-registration for application/cose-certhash ]]
ID: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Eighteenth, in the TLS Certificate Types registry in the Transport Layer Security (TLS) Extensions registry group located at:

https://www.iana.org/assignments/tls-extensiontype-values/

a single new certificate type is to be registered as follows:

Value: [ TBD-at-Registration ]
Name: C509 Certificate
Recommended: N
Reference: [ RFC-to-be ]
Comment:

As this also requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Nineteenth, in the TLSA Selectors registry in the DNS-Based Authentication of Named Entities (DANE) Parameters registry group located at:

https://www.iana.org/assignments/dane-parameters/

a single, new registration will be made as follows:

Value: [ TBD-at-Registration ]
Acronym: C509
Short Description: CBOR encoded PKIX certificates
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

Twentieth, in the EDHOC Authentication Credential Types registry in the Ephemeral Diffie-Hellman Over COSE (EDHOC) registry group located at:

https://www.iana.org/assignments/edhoc/

a single, new registration will be made as follows:

Value: [ TBD-at-Registration ]
Description: C509 certificate
Reference: [ RFC-to-be ]

As this also requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist
2026-02-09
16 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2026-02-09
16 Corey Bonnell Request for IETF Last Call review by SECDIR Completed: Has Nits. Reviewer: Corey Bonnell. Sent review to list.
2026-01-31
16 Tero Kivinen Request for IETF Last Call review by SECDIR is assigned to Corey Bonnell
2026-01-30
16 Barry Leiba Request for IETF Last Call review by ARTART is assigned to Jaime Jimenez
2026-01-28
16 Russ Housley Request for IETF Last Call review by GENART Completed: Ready with Nits. Reviewer: Russ Housley. Sent review to list.
2026-01-28
16 Jean Mahoney Request for IETF Last Call review by GENART is assigned to Russ Housley
2026-01-27
16 Ted Lemon Request for IETF Last Call review by DNSDIR Completed: Not Ready. Reviewer: Ted Lemon. Sent review to list.
2026-01-27
16 Jim Reid Request for IETF Last Call review by DNSDIR is assigned to Ted Lemon
2026-01-27
16 Morgan Condie IANA Review state changed to IANA - Review Needed
2026-01-27
16 Morgan Condie
The following Last Call announcement was sent out (ends 2026-02-10):

From: The IESG
To: IETF-Announce
CC: cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-cbor-encoded-cert@ietf.org, ivaylopetrov@google.com, paul.wouters@aiven.io …
The following Last Call announcement was sent out (ends 2026-02-10):

From: The IESG
To: IETF-Announce
CC: cose-chairs@ietf.org, cose@ietf.org, draft-ietf-cose-cbor-encoded-cert@ietf.org, ivaylopetrov@google.com, paul.wouters@aiven.io
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (CBOR Encoded X.509 Certificates (C509 Certificates)) to Proposed Standard


The IESG has received a request from the CBOR Object Signing and Encryption
WG (cose) to consider the following document: - 'CBOR Encoded X.509
Certificates (C509 Certificates)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2026-02-10. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document specifies a CBOR encoding of X.509 certificates.  The
  resulting certificates are called C509 certificates.  The CBOR
  encoding supports a large subset of RFC 5280, common certificate
  profiles and is extensible.

  Two types of C509 certificates are defined.  One type is an
  invertible CBOR re-encoding of DER encoded X.509 certificates with
  the signature field copied from the DER encoding.  The other type is
  identical except that the signature is over the CBOR encoding instead
  of the DER encoding, avoiding the use of ASN.1.  Both types of
  certificates have the same semantics as X.509 and the same reduced
  size compared to X.509.

  The document also specifies CBOR encoded data structures for
  certificate (signing) requests and certificate request templates, new
  COSE headers, as well as a TLS certificate type and a file format for
  C509.  This document updates RFC 6698; the TLSA selectors registry is
  extended to include C509 certificates.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/



No IPR declarations have been submitted directly on this I-D.




2026-01-27
16 Morgan Condie IESG state changed to In Last Call from Last Call Requested
2026-01-27
16 Paul Wouters Last call was requested
2026-01-27
16 Paul Wouters Ballot approval text was generated
2026-01-27
16 Paul Wouters Ballot writeup was generated
2026-01-27
16 Paul Wouters IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2026-01-27
16 Paul Wouters Last call announcement was generated
2026-01-25
16 (System) Changed action holders to Paul Wouters (IESG state changed)
2026-01-25
16 (System) Sub state has been changed to AD Followup from Revised I-D Needed
2026-01-25
16 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-16.txt
2026-01-25
16 (System) New version approved
2026-01-25
16 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza , cose-chairs@ietf.org
2026-01-25
16 Göran Selander Uploaded new revision
2026-01-08
15 (System) Changed action holders to John Preuß Mattsson, Göran Selander, Shahid Raza, Joel Höglund, Martin Furuhed (IESG state changed)
2026-01-08
15 Paul Wouters IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2026-01-07
15 Paul Wouters IESG state changed to AD Evaluation from Publication Requested
2025-09-23
15 Ivaylo Petrov
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document reached a broad consensus, comparable to that of many other documents in the COSE WG.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

A controversy arose during IETF 122 regarding "natively signed" certificates and their evolution. However, the issue appears to have been resolved through discussion on the mailing list, as there was no further follow-up by the end of the WGLC.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

A demonstration implementation is available at https://github.com/cose-wg/CBOR-certificates/tree/master/c509_demo_impl, and a link to this repository is included in the document. However, the document does not explicitly mention this implementation.
The authors have suggested that there are also implementations by Lijun Liao  and Brian Sipos.
Derek Atkins derek@ihtfp.com also seems to indicate that they have an implementation in https://mailarchive.ietf.org/arch/msg/cose/dF30vuqIcKFJw2HIT6Q7T7aj_sI/.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

I am not aware of any.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The media type has not undergone a special review, as the registrations are straightforward and the working group possesses expertise in this area.

All other types of reviews seem irrelevant for this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

The CDDL in Figure 2 was successfully verified using the tool at https://christian-bromann.github.io/cddl/. However, the CDDL in Figures 1 and 4 produced errors that appear to be tool-related.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, the document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

In my opinion the draft does not have any of the listed SEC issues. Many of them are not relevant for this draft or are addressed by documents on x.509, which the draft builds on.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Proposed Standard

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Yes.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

Each author has shown willingness to be listed as such and the list is of exactly 5 people.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

Idnits did not discover anything noteworthy about the document.

From a content guidelines perspective, the document is largely compliant; it is correctly named, structured, and contains the required content. One deviation from the Content Guidelines is the use of work emails for author contact, which may not be stable over time.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

There are no such references.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

RFC 2985 and RFC 2986 are informational and therefore downward references.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

This document updates RFC 6698. This is clearly stated on the title page, in the abstract, and in the introduction.


20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The document clearly identifies its requests to IANA for new COSE Header Parameter and Media Type Application registrations. These requests are necessary and minimal. The document also establishes several new registries with clear instructions and initial content.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

Here is the list:
- C509 Certificate Types Registry
- C509 Certificate Request Types Registry
- C509 Private Key Types Registry
- C509 Certificate Request Templates Types Registry
- C509 Attributes Registry
- C509 Extensions Registry
- C509 Certificate Policies Registry
- C509 Policies Qualifiers Registry
- C509 Information Access Registry
- C509 Extended Key Usages Registry
- C509 General Names Registry
- C509 Signature Algorithms Registry
- C509 Public Key Algorithms Registry

I believe that the instructions are clear.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/


2025-09-23
15 Ivaylo Petrov IETF WG state changed to Submitted to IESG for Publication from WG Document
2025-09-23
15 Ivaylo Petrov IESG state changed to Publication Requested from I-D Exists
2025-09-23
15 (System) Changed action holders to Paul Wouters (IESG state changed)
2025-09-23
15 Ivaylo Petrov Responsible AD changed to Paul Wouters
2025-09-23
15 Ivaylo Petrov Document is now in IESG state Publication Requested
2025-09-22
15 Ivaylo Petrov
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the …
# Document Shepherd Write-Up for Group Documents

*This version is dated 4 July 2022.*

Thank you for your service as a document shepherd. Among the responsibilities is
answering the questions in this write-up to give helpful context to Last Call
and Internet Engineering Steering Group ([IESG][1]) reviewers, and your
diligence in completing it is appreciated. The full role of the shepherd is
further described in [RFC 4858][2]. You will need the cooperation of the authors
and editors to complete these checks.

Note that some numbered items contain multiple related questions; please be sure
to answer all of them.

## Document History

1. Does the working group (WG) consensus represent the strong concurrence of a
  few individuals, with others being silent, or did it reach broad agreement?

The document reached a broad consensus, comparable to that of many other documents in the COSE WG.

2. Was there controversy about particular points, or were there decisions where
  the consensus was particularly rough?

A controversy arose during IETF 122 regarding "natively signed" certificates and their evolution. However, the issue appears to have been resolved through discussion on the mailing list, as there was no further follow-up by the end of the WGLC.

3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If
  so, please summarize the areas of conflict in separate email messages to the
  responsible Area Director. (It should be in a separate email because this
  questionnaire is publicly available.)

No.

4. For protocol documents, are there existing implementations of the contents of
  the document? Have a significant number of potential implementers indicated
  plans to implement? Are any existing implementations reported somewhere,
  either in the document itself (as [RFC 7942][3] recommends) or elsewhere
  (where)?

A demonstration implementation is available at https://github.com/cose-wg/CBOR-certificates/tree/master/c509_demo_impl, and a link to this repository is included in the document. However, the document does not explicitly mention this implementation.
The authors have suggested that there are also implementations by Lijun Liao  and Brian Sipos.
Derek Atkins derek@ihtfp.com also seems to indicate that they have an implementation in https://mailarchive.ietf.org/arch/msg/cose/dF30vuqIcKFJw2HIT6Q7T7aj_sI/.

## Additional Reviews

5. Do the contents of this document closely interact with technologies in other
  IETF working groups or external organizations, and would it therefore benefit
  from their review? Have those reviews occurred? If yes, describe which
  reviews took place.

I am not aware of any.

6. Describe how the document meets any required formal expert review criteria,
  such as the MIB Doctor, YANG Doctor, media type, and URI type reviews.

The media type has not undergone a special review, as the registrations are straightforward and the working group possesses expertise in this area.

All other types of reviews seem irrelevant for this document.

7. If the document contains a YANG module, has the final version of the module
  been checked with any of the [recommended validation tools][4] for syntax and
  formatting validation? If there are any resulting errors or warnings, what is
  the justification for not fixing them at this time? Does the YANG module
  comply with the Network Management Datastore Architecture (NMDA) as specified
  in [RFC 8342][5]?

There is no YANG module.

8. Describe reviews and automated checks performed to validate sections of the
  final version of the document written in a formal language, such as XML code,
  BNF rules, MIB definitions, CBOR's CDDL, etc.

The CDDL in Figure 2 was successfully verified using the tool at https://christian-bromann.github.io/cddl/. However, the CDDL in Figures 1 and 4 produced errors that appear to be tool-related.

## Document Shepherd Checks

9. Based on the shepherd's review of the document, is it their opinion that this
  document is needed, clearly written, complete, correctly designed, and ready
  to be handed off to the responsible Area Director?

Yes, the document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director.

10. Several IETF Areas have assembled [lists of common issues that their
    reviewers encounter][6]. For which areas have such issues been identified
    and addressed? For which does this still need to happen in subsequent
    reviews?

In my opinion the draft does not have any of the listed SEC issues. Many of them are not relevant for this draft or are addressed by documents on x.509, which the draft builds on.

11. What type of RFC publication is being requested on the IETF stream ([Best
    Current Practice][12], [Proposed Standard, Internet Standard][13],
    [Informational, Experimental or Historic][14])? Why is this the proper type
    of RFC? Do all Datatracker state attributes correctly reflect this intent?

Proposed Standard

12. Have reasonable efforts been made to remind all authors of the intellectual
    property rights (IPR) disclosure obligations described in [BCP 79][7]? To
    the best of your knowledge, have all required disclosures been filed? If
    not, explain why. If yes, summarize any relevant discussion, including links
    to publicly-available messages when applicable.

Yes.

13. Has each author, editor, and contributor shown their willingness to be
    listed as such? If the total number of authors and editors on the front page
    is greater than five, please provide a justification.

Each author has shown willingness to be listed as such and the list is of exactly 5 people.

14. Document any remaining I-D nits in this document. Simply running the [idnits
    tool][8] is not enough; please review the ["Content Guidelines" on
    authors.ietf.org][15]. (Also note that the current idnits tool generates
    some incorrect warnings; a rewrite is underway.)

Idnits did not discover anything noteworthy about the document.

From a content guidelines perspective, the document is largely compliant; it is correctly named, structured, and contains the required content. One deviation from the Content Guidelines is the use of work emails for author contact, which may not be stable over time.

15. Should any informative references be normative or vice-versa? See the [IESG
    Statement on Normative and Informative References][16].

No.

16. List any normative references that are not freely available to anyone. Did
    the community have sufficient access to review any such normative
    references?

There are no such references.

17. Are there any normative downward references (see [RFC 3967][9] and [BCP
    97
][10]) that are not already listed in the [DOWNREF registry][17]? If so,
    list them.

RFC 2985 and RFC 2986 are informational and therefore downward references.

18. Are there normative references to documents that are not ready to be
    submitted to the IESG for publication or are otherwise in an unclear state?
    If so, what is the plan for their completion?

No.

19. Will publication of this document change the status of any existing RFCs? If
    so, does the Datatracker metadata correctly reflect this and are those RFCs
    listed on the title page, in the abstract, and discussed in the
    introduction? If not, explain why and point to the part of the document
    where the relationship of this document to these other RFCs is discussed.

This document updates RFC 6698. This is clearly stated on the title page, in the abstract, and in the introduction.


20. Describe the document shepherd's review of the IANA considerations section,
    especially with regard to its consistency with the body of the document.
    Confirm that all aspects of the document requiring IANA assignments are
    associated with the appropriate reservations in IANA registries. Confirm
    that any referenced IANA registries have been clearly identified. Confirm
    that each newly created IANA registry specifies its initial contents,
    allocations procedures, and a reasonable name (see [RFC 8126][11]).

The document clearly identifies its requests to IANA for new COSE Header Parameter and Media Type Application registrations. These requests are necessary and minimal. The document also establishes several new registries with clear instructions and initial content.

21. List any new IANA registries that require Designated Expert Review for
    future allocations. Are the instructions to the Designated Expert clear?
    Please include suggestions of designated experts, if appropriate.

Here is the list:
- C509 Certificate Types Registry
- C509 Certificate Request Types Registry
- C509 Private Key Types Registry
- C509 Certificate Request Templates Types Registry
- C509 Attributes Registry
- C509 Extensions Registry
- C509 Certificate Policies Registry
- C509 Policies Qualifiers Registry
- C509 Information Access Registry
- C509 Extended Key Usages Registry
- C509 General Names Registry
- C509 Signature Algorithms Registry
- C509 Public Key Algorithms Registry

I believe that the instructions are clear.

[1]: https://www.ietf.org/about/groups/iesg/
[2]: https://www.rfc-editor.org/rfc/rfc4858.html
[3]: https://www.rfc-editor.org/rfc/rfc7942.html
[4]: https://wiki.ietf.org/group/ops/yang-review-tools
[5]: https://www.rfc-editor.org/rfc/rfc8342.html
[6]: https://wiki.ietf.org/group/iesg/ExpertTopics
[7]: https://www.rfc-editor.org/info/bcp79
[8]: https://www.ietf.org/tools/idnits/
[9]: https://www.rfc-editor.org/rfc/rfc3967.html
[10]: https://www.rfc-editor.org/info/bcp97
[11]: https://www.rfc-editor.org/rfc/rfc8126.html
[12]: https://www.rfc-editor.org/rfc/rfc2026.html#section-5
[13]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.1
[14]: https://www.rfc-editor.org/rfc/rfc2026.html#section-4.2
[15]: https://authors.ietf.org/en/content-guidelines-overview
[16]: https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/
[17]: https://datatracker.ietf.org/doc/downref/


2025-09-16
15 Ivaylo Petrov Changed consensus to Yes from Unknown
2025-09-16
15 Ivaylo Petrov Intended Status changed to Proposed Standard from None
2025-08-22
15 Ivaylo Petrov Notification list changed to ivaylopetrov@google.com because the document shepherd was set
2025-08-22
15 Ivaylo Petrov Document shepherd changed to Ivaylo Petrov
2025-08-18
15 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-15.txt
2025-08-18
15 (System) New version approved
2025-08-18
15 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza , cose-chairs@ietf.org
2025-08-18
15 Göran Selander Uploaded new revision
2025-06-23
14 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-14.txt
2025-06-23
14 (System) New version approved
2025-06-23
14 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2025-06-23
14 Göran Selander Uploaded new revision
2025-03-03
13 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-13.txt
2025-03-03
13 (System) New version approved
2025-03-03
13 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2025-03-03
13 Göran Selander Uploaded new revision
2025-01-08
12 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-12.txt
2025-01-08
12 Göran Selander New version accepted (logged-in submitter: Göran Selander)
2025-01-08
12 Göran Selander Uploaded new revision
2024-07-08
11 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-11.txt
2024-07-08
11 (System) New version approved
2024-07-08
11 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2024-07-08
11 Joel Höglund Uploaded new revision
2024-07-08
10 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-10.txt
2024-07-08
10 (System) New version approved
2024-07-08
10 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2024-07-08
10 Joel Höglund Uploaded new revision
2024-03-04
09 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-09.txt
2024-03-04
09 Göran Selander New version approved
2024-03-04
09 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2024-03-04
09 Joel Höglund Uploaded new revision
2024-03-04
08 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-08.txt
2024-03-04
08 (System) New version approved
2024-03-04
08 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2024-03-04
08 Joel Höglund Uploaded new revision
2023-10-20
07 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-07.txt
2023-10-20
07 (System) New version approved
2023-10-20
07 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2023-10-20
07 Joel Höglund Uploaded new revision
2023-07-07
06 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-06.txt
2023-07-07
06 (System) New version approved
2023-07-07
06 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2023-07-07
06 Joel Höglund Uploaded new revision
2023-01-10
05 Joel Höglund New version available: draft-ietf-cose-cbor-encoded-cert-05.txt
2023-01-10
05 (System) New version approved
2023-01-10
05 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2023-01-10
05 Joel Höglund Uploaded new revision
2022-07-21
04 Ivaylo Petrov Added to session: IETF-114: cose  Tue-1330
2022-07-10
04 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-04.txt
2022-07-10
04 (System) New version approved
2022-07-10
04 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2022-07-10
04 Göran Selander Uploaded new revision
2022-01-25
03 Ivaylo Petrov Added to session: interim-2022-cose-01
2022-01-10
03 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-03.txt
2022-01-10
03 (System) New version approved
2022-01-10
03 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2022-01-10
03 Göran Selander Uploaded new revision
2021-07-12
02 John Preuß Mattsson New version available: draft-ietf-cose-cbor-encoded-cert-02.txt
2021-07-12
02 (System) New version approved
2021-07-12
02 (System) Request for posting confirmation emailed to previous authors: Goeran Selander , Joel Hoglund , John Mattsson , Martin Furuhed , Shahid Raza
2021-07-12
02 John Preuß Mattsson Uploaded new revision
2021-05-25
01 John Preuß Mattsson This document now replaces draft-mattsson-cose-cbor-cert-compress instead of None
2021-05-25
01 John Preuß Mattsson New version available: draft-ietf-cose-cbor-encoded-cert-01.txt
2021-05-25
01 (System) New version accepted (logged-in submitter: John Preuß Mattsson)
2021-05-25
01 John Preuß Mattsson Uploaded new revision
2021-04-28
00 Göran Selander New version available: draft-ietf-cose-cbor-encoded-cert-00.txt
2021-04-28
00 (System) WG -00 approved
2021-04-28
00 Göran Selander Set submitter to "=?utf-8?q?G=C3=B6ran_Selander?= ", replaces to (none) and sent approval email to group chairs: cose-chairs@ietf.org
2021-04-28
00 Göran Selander Uploaded new revision