CBOR Encoded X.509 Certificates (C509 Certificates)

Document Type Replaced Internet-Draft (individual)
Authors Shahid Raza  , Joel Höglund  , Göran Selander  , John Preuß Mattsson  , Martin Furuhed 
Last updated 2021-02-22
Replaces draft-mattsson-tls-cbor-cert-compress, draft-raza-ace-cbor-certificates
Replaced by draft-ietf-cose-cbor-encoded-cert
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-cose-cbor-encoded-cert
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies a CBOR encoding of X.509 certificates. The resulting certificates are called C509 Certificates. The CBOR encoding supports a large subset of RFC 5280 and significantly reduces the size of certificates compatible with e.g. RFC 7925, IEEE 802.1AR (DevID), CNSA, and CA/Browser Forum Baseline Requirements. When used to re-encode DER encoded X.509 certificates, the CBOR encoding can in many cases reduce the size of RFC 7925 profiled certificates with over 50%. The CBOR encoded structure can alternatively be signed directly ("natively signed"), which does not require re-encoding for the signature to be verified. The document also specifies COSE headers as well as a TLS certificate type for C509 certificates. NOTE: "C509" is a placeholder, name to be decided by the COSE WG.


Shahid Raza (shahid.raza@ri.se)
Joel Höglund (joel.hoglund@ri.se)
Göran Selander (goran.selander@ericsson.com)
John Preuß Mattsson (john.mattsson@ericsson.com)
Martin Furuhed (martin.furuhed@nexusgroup.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)