At the moment the following is not an issue at all, but looking at it we might want to re-think the order in which items are constructed for doing countersignatures. Using a message recovery signature algorithm, which is currently discouraged for countersignatures for a number of reasons, needs to steal bytes from the right end of the to-be-signed bytes because that is where the message content is. Stealing bytes in the event of a countersignature does not make a great deal of sense, but the new proposed structure no longer places the "message content bytes" at the end of the message as the "other binary values" are currently appended after the message content.
There currently are not any issues raised by this, but it does raise some interesting questions for a future new base COSE message type. I don't know if this should be changed, it should be noted, or it should be ignored. Jim _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
