CBOR vs MessagePack: Which Binary Format?
CBOR is an IETF-standardized binary format (RFC 8949) with rich type tags; MessagePack is a compact, widely adopted binary format with broad library support.
CBOR (RFC 8949) is designed for standardization, extensibility via tags, and constrained-device use, and underpins protocols like COSE and WebAuthn. MessagePack predates it, is extremely compact, and has very broad library support across languages. CBOR wins on standardization and extensibility; MessagePack wins on adoption breadth and minimal size.
| CBOR | MessagePack | |
|---|---|---|
| Standard | IETF RFC 8949 | De facto spec |
| Extensibility | Rich tags | Extension types |
| Adoption | Strong (COSE, IoT) | Very broad |
| Size | Compact | Very compact |
| Best for | Standards, IoT | Broad library support |
Use case and standards
CBOR suits use cases needing an IETF standard, semantic tags, or alignment with COSE/WebAuthn and constrained IoT. MessagePack suits teams wanting the most widely available libraries and the smallest payloads without a formal standard requirement.
Ops and CI fit
Both are schema-free binary formats with library support across languages. Round-trip interop tests run in CI, where faster managed runners shorten cross-language serialization checks.
The verdict
Want an IETF standard with rich tags and IoT/security ecosystem fit: CBOR. Want the broadest libraries and minimal size: MessagePack. Standardization favors CBOR; adoption breadth favors MessagePack.