> Should I treat a null/empty kid as if there were no kid field at all,

IMO Yes.

> and then use some other heuristic to find the right verification key

Or just throw an error, if your use case requires `kid`... or would benefit
from requiring it.

I'd avoid offering to do work to process data where the issuer didn't
bother doing their job (which is to make your job easier).

Regards,

OS


On Mon, Jul 4, 2022 at 12:29 PM Michael Richardson <[email protected]>
wrote:

>
> RFC9254-to-be/yang-cbor says:
>    Data nodes implemented using a CBOR array, map, byte string, or text
>    string can be instantiated but empty. In this case, they are encoded
>    with a length of zero.
>
> When encoding/dealing with the COSE Sign0 in
> draft-ietf-anima-constrained-voucher, we have some puzzling about what to
> do with:
>
>         kid: null
> or:     kid: ""
> or:     kid: h''
>
> so, two remarks.  First, the kid: field is in the Sign0 structure, not
> actually in the YANG-CBOR, so arguably the above comment does *NOT* apply!
>
> My puzzling is about kid.  Should I treat a null/empty kid as if there were
> no kid field at all, and then use some other heuristic to find the right
> verification key, or should I treat it as an entry null, which must match
> a null/""/h'' entry in a database for the key.
> Normally, it might be a hash of a public key, so seeing h'xx..xx' would be
> reasonable.
>
> I'm curious what COSE people say.
> KID is annoyingly use case specific :-(
>
> --
> Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
>


-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries
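
An added example, not code from this thread or from any COSE library: one way to apply the policy discussed above, where a null or empty `kid` is treated as absent and is never used as a lookup key. It assumes the protected and unprotected header maps are already CBOR-decoded into Python dicts; `normalize_kid`, `select_key`, `KidError`, `require_kid` and `default_key` are hypothetical names.

```python
KID_LABEL = 4  # COSE header parameter label for "kid"; its value is a bstr


class KidError(ValueError):
    """kid is required but unusable, has the wrong type, or is unknown."""


def normalize_kid(protected, unprotected):
    """Return kid as non-empty bytes, or None if absent, null or empty."""
    for bucket in (protected, unprotected):
        if KID_LABEL not in bucket:
            continue
        kid = bucket[KID_LABEL]
        # kid: null, kid: "" and kid: h'' all collapse to "no kid".
        if kid is None or (isinstance(kid, (bytes, str)) and len(kid) == 0):
            continue
        if not isinstance(kid, bytes):
            raise KidError("kid must be a byte string")
        return kid
    return None


def select_key(protected, unprotected, keystore, require_kid=True,
               default_key=None):
    """Pick the verification key without guessing.

    keystore maps kid bytes to a key object. default_key is an assumption
    of this example: a single key pinned by configuration for deployments
    that do not require kid.
    """
    kid = normalize_kid(protected, unprotected)
    if kid is None:
        if require_kid or default_key is None:
            raise KidError("no usable kid in message")
        return default_key
    try:
        return keystore[kid]
    except KeyError:
        raise KidError("unknown kid") from None


if __name__ == "__main__":
    # Constructed sample data; b"" is a stray entry that must never match.
    store = {bytes.fromhex("a1b2"): "key-A", b"": "stray-entry"}
    print(select_key({}, {KID_LABEL: bytes.fromhex("a1b2")}, store))
    print(select_key({}, {KID_LABEL: b""}, store, require_kid=False,
                     default_key="pinned-key"))
```
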
