It doesn’t seem clear what the CBOR tagging requirements are when
application/cwt is used to indicate a message is a CWT.
This is the text that I think it missing:
The CBOR CWT tag (61) must NOT be used. It is unnecessary because the media
type already indicates it is a CWT.
The COSE type indicating tag MUST be present. It is necessary to determine
whether what the COSE type is, whether it is COSE_Sign1, COSE_Mac0...
Another solution could be a MIME parameter added to the application/cwt
indicating the COSE type.
Step 3 in section 7.2 also seems wrong. It doesn’t make it an error for the
COSE type tag to be absent when the CBOR CWT tag is present.
This is all based on my understanding that the surrounding protocol for must
specify exactly when CBOR tags are to be used and when they are not to be used
and that the surrounding protocol must not leave it as an optional
implementation choice. In this case application/cwt is the supporting protocol.
LL
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
