Hi Ilari,
thanks for the quick comments.
Am 04.01.2024 um 14:24 schrieb Ilari Liusvaara:
On Thu, Jan 04, 2024 at 12:27:25PM +0100, Hannes Tschofenig wrote:
Brendan and I have submitted a draft that defines new header parameters
to carry chains of CWTs.
RFC 9360 defined header parameters to carry chains of X.509 certificates
in COSE and this document applies the concept to CWTs. A CWT, when it
contains the RFC 8747 cnf claim, behaves like a certificate. The
functionality of this draft was extract from one of the SUIT working
group documents. We believe that other applications will also need this
feature.
Here is the link to the document:
https://datatracker.ietf.org/doc/draft-tschofenig-cose-cwt-chain/
Some quick comments:
- Is there some claim that CWT is allowed to issue other CWTs (like the
BasicConstraints CA flag in X.509)?
No, not right now. I tried to keep it as simple as possible to start
with and leave it to others to define extensions.
- I would have expected path validation to call that each CWT is signed
by the key in confirmation of the previous CWT...
This statement is somewhere. Will search for it.
Ciao
Hannes
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
