Hi,

Thank you for looking into this! To some extent I am wondering if we should leave some flexibility here for the applications to decide, but probably you are right that we should write those parts explicitly. More precisely:

1) I made the use of DER encoding explicit in the part where we specify CDDL for x5bag.

2) I clarified that the hash is computed over the DER encoding of the certificate.

I am not completely sure that we should limit the use of x5t to only reference the certificate containing the end-entity key, but that is also fine with me.

Thanks,
Ivaylo

On Tue, Oct 20, 2020 at 7:23 PM Laurence Lundblade <[email protected]> wrote:

> I went through my open GitHub issues on cose-x509
> <https://github.com/cose-wg/X509/issues> and closed a few, but a few
> remain. The comments on the issues diverged from their titles, but still
> seem valuable. They come down to two things.
>
> 1) There is agreement that only certs in the DER format are allowed.
> However, cose-x509-07 doesn’t seem to say that.
>
> 2) Confusion over the x5t parameter. I think it is to identify the
> end-entity cert in an x5bag or out of a collection fetched by URI or a
> collection the relying party already has, but I’m not sure from the text.
> (Maybe it is just my misunderstanding or misreading something).
>
> LL
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
>
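Added example, not part of the thread or of the cose-x509 draft: a sketch of the two points discussed above, computing an x5t-style hash over the DER bytes of a certificate and using it to pick the matching certificate out of an x5bag. The function names, the `[hashAlg, hashValue]` list shape without CBOR encoding, and the byte strings standing in for certificates are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# COSE hash algorithm identifier -> hashlib name (-16 is SHA-256 in the
# IANA COSE Algorithms registry).
COSE_HASHES = {-16: "sha256"}

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor: the text form of the same certificate."""
    b64 = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and base64-decode to recover the DER bytes."""
    lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(lines))

def x5t(der: bytes, alg: int = -16) -> list:
    """Return [hashAlg, hashValue] with the hash taken over the DER bytes."""
    if alg not in COSE_HASHES:
        raise ValueError(f"unsupported COSE hash algorithm: {alg}")
    return [alg, hashlib.new(COSE_HASHES[alg], der).digest()]

def find_by_x5t(x5bag: list, thumbprint: list) -> list:
    """Return every DER certificate in x5bag whose hash equals thumbprint."""
    alg, value = thumbprint
    return [c for c in x5bag if hmac.compare_digest(x5t(c, alg)[1], value)]

# Constructed stand-ins for DER certificates (not parseable X.509); the hash
# treats them as opaque bytes, which is all this lookup needs.
CERT_A = b"\x30\x82\x01\x0a" + b"constructed certificate A"
CERT_B = b"\x30\x82\x01\x0b" + b"constructed certificate B"
X5BAG = [CERT_B, CERT_A]  # a bag is unordered, so position carries no meaning

if __name__ == "__main__":
    good = x5t(CERT_A)
    # Hashing the PEM text instead of the DER bytes gives a different value,
    # so a relying party that hashes DER finds no match for it.
    bad = [-16, hashlib.sha256(to_pem(CERT_A).encode()).digest()]
    print("DER thumbprint matches:", len(find_by_x5t(X5BAG, good)))
    print("PEM thumbprint matches:", len(find_by_x5t(X5BAG, bad)))
    print("PEM converted back    :", len(find_by_x5t(X5BAG, x5t(pem_to_der(to_pem(CERT_A))))))
```

A lookup that returns no match or more than one match should be treated as a failure by the caller rather than falling back to some other certificate in the bag.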
