On Sat, May 27, 2023 at 10:24:05AM +0200, Hannes Tschofenig wrote: > > Kohei and I have been working on a small draft needed for TEEP and SUIT, > which re-use prior work done with RFC 7638 "JWT Thumbprint". > > The abstract explains it: > > This specification defines a method for computing a hash value over a > COSE Key. It defines which fields in a COSE Key structure are used in > the hash computation, the method of creating a canonical form of the > fields, and how to hash the byte sequence. > > We would like the COSE working group to adopt this document. > > Here is the link to the draft: > > https://datatracker.ietf.org/doc/html/draft-isobe-cose-key-thumbprint
I think the draft should also add required fields for OKP and HSS-LMS key types. For OKP, the required fields are in order: - kty (uint) - crv (int/tstr) - x (bstr) For HSS-LMS, the required fields are in order: - kty (uint) - pub (bstr) (There is also WalnutDSA, but that is probably horribly broken, and it is not completely clear which fields are required.) Then there is section 5: - "For better readability, the example is first presented in JSON (with the long line broken for display purposes only)." ... That does not look like JSON, it looks like CBOR diagnostic format. - Using '-3: false' might be better example, as it would involve key decompression. - Is the required order wrong way around? AFAICT, it is 1, -1, -2, -3, like in the diagnostic format. -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
