Hi Ivaylo, > On Nov 1, 2020, at 10:55 AM, Ivaylo Petrov <[email protected]> wrote: > > 2) I clarified that the hash is computed over the DER encoding of the > certificate. I am not completely sure that we should limit the use of x5t to > only reference the certificate containing the end-entity key, but that is > also fine with me.
JWS is clear about x5t as the end-entity cert: The "x5t" (X.509 certificate SHA-1 thumbprint) Header Parameter is a base64url-encoded SHA-1 thumbprint (a.k.a. digest) of the DER encoding of the X.509 certificate [RFC5280 <https://tools.ietf.org/html/rfc5280>] corresponding to the key used to digitally sign the JWS. I can’t imagine any other use of x5t as all certs superior to the end-entity must be identified by secured identifiers in the certificate one below to defend against the attack Ben described (the same attack that requires x5t a protected header). Appendix D in JWS also discusses use of x5t as the end-entity. I don’t think I’m missing anything here, but tell me if I am. Also, it looks to me that Appendix D of JWS <https://tools.ietf.org/html/rfc7515#appendix-D> is highly applicable to cose-x509. A non-normative link to it would be helpful in understanding cose-x509. LL
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
