I think that's premature. For one thing,
https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-00.html
hasn't reached WGLC. I wouldn't suggest blocking draft-ietf-lake-edhoc from
becoming an RFC until draft-ietf-cose-cwt-claims-in-headers also becomes an RFC.
We can keep making progress on multiple useful things for the CBOR/COSE/CWT
ecosystems largely in parallel. There's a specific synchronization point for
draft-ietf-cose-cwt-claims-in-headers and draft-ietf-lake-edhoc because of the
shared IANA registration, which Francesca correctly pointed out.
Cheers,
-- Mike
-----Original Message-----
From: Carsten Bormann <[email protected]>
Sent: Friday, October 27, 2023 9:45 AM
To: Michael Jones <[email protected]>
Cc: Francesca Palombini <[email protected]>;
[email protected]; [email protected]; [email protected]
Subject: Re: [COSE] [IANA #1284212] expert review for
draft-ietf-cose-cwt-claims-in-headers (cose)
On 2023-10-27, at 18:37, Michael Jones <[email protected]> wrote:
>
> Cross-protocol attacks are prevented through the use of Explicit Typing, as
> described in the JWT BCP at
> https://www.rfc-editor.org/rfc/rfc8725.html#name-use-explicit-typing and
> https://www.ietf.org/archive/id/draft-ietf-cose-typ-header-parameter-00.html.
OK, so the definition of (k)ccs and (k)cwt should include the mandate that they
can only be used in conjunction with a typ that defines the semantics of (k)css
or (k)cwt present?
Grüße, Carsten
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
