On Wed, Mar 8, 2023 at 1:04 PM Laurence Lundblade <[email protected]> wrote:
> On Mar 8, 2023, at 12:50 PM, Christopher Allen < > [email protected]> wrote: > I was aware that COSE RFC 9338 had an optional detached form, but I wasn't > able to find a specific section about it. Is it defined further by another > RFC or internet-draft? > > Search for “detached” in RFC 9052. > Thanks. Though I think it is more than just "not prominent", it is almost hidden there. Even more so in RFC 9228. (IMHO it at least deserved a sub-section or appendix with examples.) There are not really any rules for detached stuff in 9052. It might be > transmitted parallel with the COSE_Sign or not. It might be data at rest. > It might not be CBOR. If it is CBOR it doesn’t have to be any type of CBOR. > It might be reconstructed from other data in some deterministic way… The > only thing is that the payload verifier must be able to somehow have the > same bytes as the signer. This is a good thing as it allows the application > to do what ever it needs to do. In your case it will be dCBOR. :-) > That makes sense. Is there an exemplary library or code base out there that implements detached COSE, in particular with text cases and test vectors that we could use to experiment with, or to build our own library in rust? -- Christopher Allen
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
