Hi Carsten, Hi Christian,
I have been watching the recording from the IETF#118 COSE WG meeting where you provided feedback about the COSE Key Thumbprint URI functionality. Due to a conflict I wasn't able to attend that session. Mike note correctly that the design of the COSE Key Thumbprint URI aimed to mirrow the JSON Web Key (JWK) Thumbprint URIs (RFC9278) specification. Two comments were provided, which I would like to resolve in the near future: 1) Carsten, you argued not to use the urn:parameters:oauth IANA registry because there could be confusion due to the use of the word "oauth" in there. What other registry would you use? We could add a paragraph to the draft saying that the use is not limited to OAuth, if that helps. 2) Christian, you argued against the use of the IANA "Named Information Hash Algorithm Registry" for the hash algorithms. The argument was that the algorithm registry is not well maintained. You suggested to use the COSE algorithms registry instead. This would turn the following URI from urn:ietf:params:oauth:ckt:sha-256:SWvYr63zB-WwjGSwQhv53AFSijRKQ72oj63RZp2iU-w to urn:ietf:params:oauth:ckt:-16:SWvYr63zB-WwjGSwQhv53AFSijRKQ72oj63RZp2iU-w Maintaining a hash algorithm registry seems trivial since the number of hash algorithms don't seem to grow quickly. Re-using the COSE algorithms registry, however, might confuse readers since it contains a lot of other algorithms. I am not sure how to resolve these different views about the solution design. Ciao Hannes _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
