Skip to main content

CBOR Encoded X.509 Certificates (C509 Certificates)

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Shahid Raza , Joel Höglund , Göran Selander , John Preuß Mattsson , Martin Furuhed
Last updated 2021-02-22
Replaces draft-mattsson-tls-cbor-cert-compress, draft-raza-ace-cbor-certificates
Replaced by draft-ietf-cose-cbor-encoded-cert
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Associated None milestones
Jun 2021
Adopt draft for compressed certificate encoding as a Working Group item
Dec 2021
Submit draft for compressed certificate encoding to the IESG for publication
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-cose-cbor-encoded-cert
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies a CBOR encoding of X.509 certificates. The resulting certificates are called C509 Certificates. The CBOR encoding supports a large subset of RFC 5280 and significantly reduces the size of certificates compatible with e.g. RFC 7925, IEEE 802.1AR (DevID), CNSA, and CA/Browser Forum Baseline Requirements. When used to re-encode DER encoded X.509 certificates, the CBOR encoding can in many cases reduce the size of RFC 7925 profiled certificates with over 50%. The CBOR encoded structure can alternatively be signed directly ("natively signed"), which does not require re-encoding for the signature to be verified. The document also specifies COSE headers as well as a TLS certificate type for C509 certificates. NOTE: "C509" is a placeholder, name to be decided by the COSE WG.


Shahid Raza
Joel Höglund
Göran Selander
John Preuß Mattsson
Martin Furuhed

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)