Hi Brian,

> do you mean to use a bare CWT Claim Map with a "cnf" key, or a full CWT
> sign/MAC structure attested to by some issuing entity?
> Is it proposed to replace the raw COSE_Key use with a CWT entirely, or add
> CWT as an alternative?

Thanks for good questions! This is more or less what we will ask ourselves at the LAKE WG interim next week, see:

https://github.com/lake-wg/edhoc/issues/125

and related issues #115, #88, #82.

One candidate which you didn't mention was C509 with or without signature.

One reason for choosing CWT would be that it already exists as an RFC. But does the bare CWT Claim Map with a 'cnf' label as in RFC 8747 but without COSE_Sign/MAC/Encrypt "exist" as a separate standard that can be referenced? If that anyway needs to be specified then removing the signature from C509 is perhaps another option?

Thanks
Göran

On 2021-05-25, 06:08, "COSE on behalf of Brian Sipos" <[email protected] on behalf of [email protected]> wrote:

John,

I'm not deeply familiar with EDHOC use cases but am looking at COSE along with some form of labeled public key transport. Right now, that is a combination of in-message x5chain/x5t/kid with out-of-message COSE_Key objects; similar, I think, to what is proposed for EDHOC.

When discussing using CWT as a public key transport, do you mean to use a bare CWT Claim Map with a "cnf" key, or a full CWT sign/MAC structure attested to by some issuing entity?

Is it proposed to replace the raw COSE_Key use with a CWT entirely, or add CWT as an alternative?

Thanks for clarifying to an outside perspective.

Brian S.
