Cryptographic Message Syntax (CMS) Content Types for Concise Binary Object Representation (CBOR)

Introduction Concise Binary Object Representation (CBOR) is a compact self-describing binary encoding formation that is starting to be used in many different applications. One of the primary uses of CBOR is in the Internet of Things, the constrained nature of which means that having minimal size of encodings becomes very important. The Cryptographic Message Syntax (CMS) is still one of the most common methods for providing message-based security, although in many cases, the CBOR Object Signing and Encryption (COSE) message-based security system is starting to be used. Given that CBOR is going to be transported using CMS, it makes sense to define CMS content types for the purpose of denoting that the embedded content is CBOR. This document defines two new content types: CBOR content type and CBOR Sequence content type .

CBOR Content Type defines an encoded CBOR item. This section defines a new content type for wrapping an encoded CBOR item in a CMS object. The following object identifier identifies the CBOR content type: The CBOR content type is intended to refer to a single object encoded using the CBOR encoding format . Nothing is stated about the specific CBOR object that is included. CBOR can always be decoded to a tree, as the encoding is self descriptive. The CBOR content type is intended to be encapsulated in the signed data and auth-enveloped data, but it can be included in any CMS wrapper. It cannot be predicted whether the compressed CMS encapsulation will provide compression, because the content may be binary rather than text. defined an optional parameter, "innerContent", to allow for identification of what the inner content is for an application/cms media type. This document defines the string "cbor" as a new value that can be placed in this parameter when a CBOR content type is used.

CBOR Sequence Content Type defines a CBOR Sequence as a concatenation of zero or more CBOR objects. This section defines a new content type for wrapping a CBOR Sequence in a CMS object. The following object identifier identifies the CBOR Sequence content type: The CBOR Sequence content type is intended to refer to a sequence of objects encoded using the CBOR encoding format. The objects are concatenated without any markers delimiting the individual CBOR objects. Nothing is stated about the specific CBOR objects that are included. CBOR can always be decoded to a tree, because the encoding is self descriptive. The CBOR Sequence content type is intended to be encapsulated in the signed data and auth-enveloped data, but it can be included in any CMS wrapper. It cannot be predicted whether the compressed CMS encapsulation will provide compression, because the content may be binary rather than text. defined an optional parameter, "innerContent", to allow for identification of what the inner content is for an application/cms media type. This document defines the string "cborSequence" as a new value that can be placed in this parameter when a CBOR Sequence content type is used.

ASN.1 Module

IANA Considerations IANA has registered the following in the "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" subregistry within the SMI Numbers registry:

Decimal	Description	References
71	id-mod-cbor-2019	RFC 8769

IANA has registered the following in the "SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)" subregistry within the SMI Numbers registry:

Decimal	Description	References
44	id-ct-cbor	RFC 8769
45	id-ct-cborSequence	RFC 8769

IANA has registered the following in the "CMS Inner Content Types" subregistry within the "MIME Media Type Sub-Parameter Registries":

Name	Object Identifier	Reference
cbor	1.2.840.113549.1.9.16.1.44	RFC 8769
cborSequence	1.2.840.113549.1.9.16.1.45	RFC 8769

Security Considerations This document only provides identification for content types; it does not introduce any new security issues by itself. The new content types mean that id-data does not need to be used to identify these content types; they can therefore reduce confusion.