{ I found Jim's very interesting email very hard to read without good
quoting; I'm repeating the important part }
henk> 2.) go to ACE and ask for an "unsigned token" option, or
Jim Schaad <[email protected]> wrote:
jls> I don't have a problem with this, I am not sure that I see any
jls> reason for it however. See below.
henk> 3.) go to CBOR and ask for a tag for "naked" CWT Claim Sets (i.e.,
henk> that are not signed).
jls> I don't see any difference between this and option #2
jls> 4.) Just write your CWT code in a sensible manner.
jls> My CWT code base does not make any assumptions about the number or
jls> order of COSE security wrapping layers on a token. It thus looks
jls> like
jls> while (true) {
jls>   if input has a COSE_Encrypt tag { decrypt it; set input to the
jls>     content; save the encryption information if needed e.g. shared key
jls>     authentication; continue; }
jls>   if input has a COSE_MAC tag { validate it; set input to the content;
jls>     save the MAC information if needed e.g. shared key authentication;
jls>     continue; }
jls>   if input has a COSE_Signature tag { validate it; set input to the
jls>     content; save the signer information; continue }
jls>   if input is a map - return input as the set of claims;
jls>   throw an exception because it is not the correct format.
jls> }
jls> This does not require a tag for a naked set of claims and would
jls> allow that set of claims to be passed in the same place as a CWT can
jls> be passed. What you are suggesting would require extra code to
jls> exist someplace that is going to check for an additional tag.
jls> IT IS ALSO GOING TO LEAD TO PEOPLE THINKING THAT THIS NEW TAG SHOULD BE
jls> LEGAL TO PLACE INSIDE OF A CWT. After all it makes more sense to
jls> always include it than to just sometimes include it.
Emphasis mine.
So your suggestion is to do nothing.
I also wondered why that wouldn't work, but I hadn't written enough code to
ask the question intelligently.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
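
The layer-agnostic loop from Jim's quoted pseudocode, written out as an added example (not code from the thread or from Jim's code base). The `Tag` class, the handler callbacks, `MAX_LAYERS` and `authenticated_by` are assumptions: items are taken as already CBOR-decoded, payloads included, and the actual decryption and validation is left to the handlers.

```python
from dataclasses import dataclass

@dataclass
class Tag:
    """Decoded CBOR tag as a generic decoder might hand it over (assumed shape)."""
    number: int
    value: object

# COSE tag numbers from RFC 8152, grouped by the three branches of the loop.
KIND_BY_TAG = {16: "encrypt", 96: "encrypt", 17: "mac", 97: "mac",
               18: "sign", 98: "sign"}
MAX_LAYERS = 8  # assumed bound so a hostile token cannot nest forever

class TokenFormatError(ValueError):
    pass

def unwrap_claims(item, handlers):
    """Peel COSE layers until a claims map remains.

    handlers maps "encrypt"/"mac"/"sign" to a callable that takes the tagged
    COSE value, raises if decryption or validation fails, and otherwise
    returns (inner_item, info). Returns (claims, layers), outermost first.
    """
    layers = []
    while len(layers) <= MAX_LAYERS:
        if isinstance(item, Tag):
            kind = KIND_BY_TAG.get(item.number)
            if kind is None or kind not in handlers:
                raise TokenFormatError(f"unsupported tag {item.number}")
            item, info = handlers[kind](item.value)
            layers.append((kind, info))  # "save the signer information"
            continue
        if isinstance(item, dict):
            return item, layers
        raise TokenFormatError("not a COSE layer or a claims map")
    raise TokenFormatError("too many wrapping layers")

def authenticated_by(layers, kinds=("mac", "sign")):
    """Infos of layers that authenticate; empty for a naked claims set."""
    return [info for kind, info in layers if kind in kinds]

if __name__ == "__main__":
    # Constructed stand-in for real validation; value is [prot, unprot, payload, tag].
    def check(value):
        if value[3] != b"good":
            raise ValueError("validation failed")
        return value[2], {"kid": value[1].get(4)}
    token = Tag(18, [b"", {4: b"as-1"}, {1: "issuer"}, b"good"])
    for candidate in (token, {1: "issuer"}):  # wrapped, then naked
        claims, layers = unwrap_claims(candidate, {"sign": check, "mac": check})
        print(claims, authenticated_by(layers))
```

Because a naked claims map comes back through the same path with an empty layer list, a caller that needs an authenticated token has to check `authenticated_by(layers)` before trusting the claims.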
