> On Mar 8, 2023, at 1:13 PM, Christopher Allen
> <[email protected]> wrote:
>
> On Wed, Mar 8, 2023 at 1:04 PM Laurence Lundblade <[email protected]
> <mailto:[email protected]>> wrote:
>> On Mar 8, 2023, at 12:50 PM, Christopher Allen
>> <[email protected]
>> <mailto:[email protected]>> wrote:
>> I was aware that COSE RFC 9338 had an optional detached form, but I wasn't
>> able to find a specific section about it. Is it defined further by another
>> RFC or internet-draft?
> Search for “detached” in RFC 9052.
>
> Thanks. Though I think it is more than just "not prominent", it is almost
> hidden there. Even more so in RFC 9228. (IMHO it at least deserved a
> sub-section or appendix with examples.)
Yeah, COSE is a pretty large standard. It could be filled in more, more
examples, more implementations. It’s getting there though.
> There are not really any rules for detached stuff in 9052. It might be
> transmitted parallel with the COSE_Sign or not. It might be data at rest. It
> might not be CBOR. If it is CBOR it doesn’t have to be any type of CBOR. It
> might be reconstructed from other data in some deterministic way… The only
> thing is that the payload verifier must be able to somehow have the same
> bytes as the signer. This is a good thing as it allows the application to do
> what ever it needs to do. In your case it will be dCBOR. :-)
>
> That makes sense.
>
> Is there an exemplary library or code base out there that implements detached
> COSE, in particular with text cases and test vectors that we could use to
> experiment with, or to build our own library in rust?
https://github.com/laurencelundblade/t_cose — see
short_circuit_self_detached_content_test(). I believe the SUIT guys have also
done a lot of implementation of detached with t_cose
LL
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
