On 2023-10-27, at 18:37, Michael Jones <[email protected]> wrote: > > Cross-protocol attacks are prevented through the use of Explicit Typing, as > described in the JWT BCP at > https://www.rfc-editor.org/rfc/rfc8725.html#name-use-explicit-typing and > https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-00.html.
OK, so the definition of (k)ccs and (k)cwt should include the mandate that they can only be used in conjunction with a typ that defines the semantics of (k)css or (k)cwt present? Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
