Hi Carsten, OK, that seems to work, but it somehow feels wrong since then you couple multiple layers together during decoding. What's the disadvantage of always making it an array? Is this about the one extra byte in the case of a single countersignature?
Maik -----Original Message----- From: Carsten Bormann <[email protected]> Sent: 22 April 2022 18:19 To: Maik Riechert <[email protected]> Cc: [email protected] Subject: [EXTERNAL] Re: [COSE] Countersignature header: distinguishing COSE_Signature from [+COSE_Signature] [You don't often get email from [email protected]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification.] Hi Maik, On 2022-04-21, at 14:50, Maik Riechert <[email protected]> wrote: > > [COSE_Signature] / [+ COSE_Signature] > ? 7 => COSE_Signature / [+COSE_Signature] ; Counter signature actually (no array for a single signature). This can be disambiguated because the three-element array that a COSE_Signature is, is never structured such that it can be misunderstood as an array of COSE_Signatures. In CDDL (following some indirections): COSE_Signature = [ protected : bstr .cbor header_map / bstr .size 0 unprotected : header_map signature : bstr ] So the contents of the array starts with a byte string, then a map follows, and it finally is a byte string. Maybe not the finest day of optimizing one's CBOR, but not hard to implement either: The value for key 7 always is an array. If the first element of that is a byte string, process (and validate) the array as a single signature. If the first element is another array, process (and validate) the outer array as an array of signatures. Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
