Hi,

I think I thought too much about EDHOC when I wrote that everything could go in the unprotected header on GitHub. It makes sense to include the end-entity certificate in the information to be signed. My understanding is that it is good to include at least the public key and the identity, but that the whole certificate chain does not need to be signed.

EDHOC (which relies heavily on draft-ietf-cose-x509 and x5t, x5u, x5bag, x5chain) adds the end-entity certificate in the external_aad. From an EDHOC perspective the hash in x5t wastes bytes and putting a hash in x5u would waste bytes there as well.

Could something similar be done on the COSE level instead? I.e. force the end-entity certificate to be included in the external_aad? Either by explicitly defining how it is included, or by writing that the application using COSE MUST include the end-entity certificate in the external_aad. This would fix the security issues without any extra bytes on the wire. It also fulfills Michael's use case with middleboxes removing CA certs.

It would be good to distinguish the identifier for the certificate from the information that needs to be protected. They do not need to be the same.

Cheers,
John
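
The binding proposed in the message above, as an added example that is not part of the original e-mail or of any COSE or EDHOC implementation: it builds the COSE_Sign1 `Sig_structure` with the end-entity certificate as `external_aad`, so the certificate is covered by the signature input while only a short identifier is sent. The function names, the use of `kid` (header label 4) as that identifier, and the certificate byte strings (constructed placeholders, not real DER) are assumptions.

```python
import hashlib

def _head(major: int, n: int) -> bytes:
    # CBOR initial byte plus argument (RFC 8949, section 3)
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("value too large")

def cbor(obj) -> bytes:
    # Minimal encoder: only the types a Sig_structure and header map need
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(cbor(x) for x in obj)
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor(k) + cbor(v) for k, v in obj.items())
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    raise TypeError(type(obj))

def to_be_signed(protected: bytes, ee_cert: bytes, payload: bytes) -> bytes:
    # COSE_Sign1 Sig_structure with the end-entity certificate as external_aad
    return cbor(["Signature1", protected, ee_cert, payload])

def wire_fields(protected: bytes, kid: bytes, payload: bytes) -> bytes:
    # What travels (signature omitted): a short identifier, not the certificate
    return cbor(protected) + cbor({4: kid}) + cbor(payload)

# Constructed sample values (placeholders, not real DER certificates)
PROTECTED = cbor({1: -7})             # protected header {alg: ES256}
CERT_A = b"constructed-ee-cert-A" * 10
CERT_B = b"constructed-ee-cert-B" * 10
PAYLOAD = b"hello"
KID = b"\x01"                         # identifier chosen by the application

def demo():
    # Different assumed certificates give different signature inputs,
    # while the bytes on the wire stay the same.
    tbs_a = to_be_signed(PROTECTED, CERT_A, PAYLOAD)
    tbs_b = to_be_signed(PROTECTED, CERT_B, PAYLOAD)
    wire = wire_fields(PROTECTED, KID, PAYLOAD)
    return hashlib.sha256(tbs_a).hexdigest(), hashlib.sha256(tbs_b).hexdigest(), len(wire)

if __name__ == "__main__":
    print(demo())
```

A verifier that resolves the identifier to a different certificate than the signer used reconstructs different to-be-signed bytes, so signature verification fails.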
