On Thu, Jan 04, 2024 at 12:27:25PM +0100, Hannes Tschofenig wrote: > > Brendan and I have submitted a draft that defines new header parameters > to carry chains of CWTs. > > > RFC 9360 defined header parameters to carry chains of X.509 certificates > in COSE and this document applies the concept to CWTs. A CWT, when it > contains the RFC 8747 cnf claim, behaves like a certificate. The > functionality of this draft was extract from one of the SUIT working > group documents. We believe that other applications will also need this > feature. > > > Here is the link to the document: > > https://datatracker.ietf.org/doc/draft-tschofenig-cose-cwt-chain/
Some quick comments: - Is there some claim that CWT is allowed to issue other CWTs (like the BasicConstraints CA flag in X.509)? - I would have expected path validation to call that each CWT is signed by the key in confirmation of the previous CWT... -Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
