One of the issues that I mentioned in the discussion was that there were
possible structures that might be defined in the future, but I did not have
a good idea of what one would look like. At the time I was thinking of the
Hybrid Encryption document in CFRG, but a better example might be to look at
the old PKCS#7 Sign and Encrypt structure.
COSE_SignAndEncrypt ::= {
Headers, // encryption headers
Encryption Content
Recipient array
Headers, // Signed headers
Signature
}
I defined two separate set of headers just to make things really complicated
not because it is necessary. The problem with stripping the signature that
caused it to be dropped from CMS can be solved by including the structure
name as part of the signed and encryption process so you cannot convert this
into just an encryption only item.
If you try and compute a counter signature on this object you want to
include
* Encryption protected headers
* Encryption content
* Signed protected headers
* Signature value
This is a case where saying that we want to include all of the binary string
objects in the structure as input to the countersignature process is what is
desired.
Jim
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
