Authors might consider providing some guidance regarding validation of CTT where the COSE claims appear (iat, nbf) to have happened after the timestamp ( time travel ).
IIRC cose counter signatures apply to the protected header, payload and signature, whereas CTT only applies to the signatures. This means that the TSA does not countersign any protected information in the header? Some use cases for the 2 modes might improve the document. Security considerations seem light. OS On Tue, Jul 30, 2024, 1:03 PM Michael Jones <[email protected]> wrote: > Hi all, > > > > This message starts the Working Group Last Call (WGLC) for > https://www.ietf.org/archive/id/draft-ietf-cose-tsa-tst-header-parameter-02.html. > The WGLC will run for two weeks, ending on Tuesday, August 13, 2024. > > > > Please review and send any comments or feedback to the working group. > Even if your feedback is “this is ready for publication”, please let us > know. > > > > Thank you, > > -- Mike and Ivaylo, COSE Chairs > > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
