On Wed, Oct 21, 2020 at 12:54:44PM -0700, Laurence Lundblade wrote: > > > On Oct 21, 2020, at 10:58 AM, Benjamin Kaduk via Datatracker > > <[email protected]> wrote: > > > > x5t: This header parameter provides the ability to identify an X.509 > > certificate by a hash value. The attribute is an array of two > > > > I suggest using the word "thumbprint" somewhere to motivate the 't' in > > "x5t”. > > Using “thumbprint” makes sense to me, though it was changed from thumbprint > to fingerprint in March > <https://github.com/cose-wg/X509/commit/32c2bf2b2411250f6d9232b43ae0813ac9d88a44>. >
My point was more that we're effectively tied to the "x5t" symbol for JOSE parity, and even if we want to call the thing it carries a "fingerprint", we should still use the word "thumbprint" once to explain the mnemonic value of the 't'. > Is it the common understanding that this “x5t” identifies the end-entity cert > like subjectKeyIdentifier does for CMS > <https://tools.ietf.org/html/rfc5652#section-5.3>? I can’t imagine what else > it would identify, but it seems saying this explicitly would be helpful. CMS > certainly is explicit and detailed on this. That's what I assumed, but probably worth a mention (one could, of course, identify a CA by fingerprint as well). > > > > Also, we may want to make a pass to check for consistent usage of > > "attribute", "parameter", etc. -- I think this is the first time we say > > "the attribute is”. > > I believe the correct term is “header parameter”. This was settled on for > draft-ietf-cose-rfc8152bis-struct and Jim made a number of changes to > cose-x509 to use that term back in March (same PR as referenced above). > However, “attribute” is still used a lot and probably all those uses should > be “header parameter”. That sounds right for everything except the -sender variants, which are "header algorithm parameter"s. (I had to look it up and check again while reviewing the document.) -Ben _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
