Jonathan: > I agree with you that a countersignature on COSE_Sign1 must have the > signature_value of the underlying message in the ToBeSigned input for the > countersignature; however, my interpretation of the current text for the > payload of the Countersign_structure is aligned with Christian's (for > COSE_Sign1). > > COSE's countersignature was generalized to apply to all COSE structures, so > the payload may not always be a signature_value as one might intuitively > expect. > > The design discussions for CounterSignatureV2 is in this thread: > https://mailarchive.ietf.org/arch/msg/cose/6-vyoetZboIdrwwEYoYlj9QY_3Q/ > <https://mailarchive.ietf.org/arch/msg/cose/6-vyoetZboIdrwwEYoYlj9QY_3Q/> > My recollection was that the group decided to proceed with the third option, > that is including every bstr value in the structure. I believe this is > consistent with step 6 in Section 3.3.
That is consistent with my memory too. > As Jim discussed in the above thread, countersignature on COSE_Sign1 was an > example where the original method defined in RFC 8152 failed because there > was no way to capture the signature_value bstr since it was the third bstr in > the COSE message structure. Yes, Jim was seeking a general solution. > I disagree with the interpretation that I believe you and Christian have for > applying a countersignature to the COSE_Sign structure. You may find it > surprising, but that countersignature will not actually sign the > signature_value of any of the signers. As written in Section 3 of the I-D, > "When done on a COSE_Sign, this is the same as applying a second signature to > the payload and adding a parallel signature as a new COSE_Signature is the > preferred method." I have confirmed that the message payload is included and > not the signature_values nor signature array by validating the > countersignature in the example from C.1.3 of RFC 8152. In order to do the > traditional countersignature logic of signing a signature value, one would > apply the countersignature on the specific COSE_Signature structure in the > signatures array of COSE_Sign. Do you think anything needs to change in the document? Russ
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
