hi Carl, Thanks very much for your review.
On Mon, 26 Aug 2024 at 12:10, Carl Wallace <[email protected]> wrote: > > The draft looks good to me. I have two minor suggestions. > > In section 3.2, there is language about minimizing dependencies by using the > same hash for the timestamp and the signature. This suggestion does not seem > to be unique to CTT, so I’d either repeat the language in 3.1 or move the > language to a more general location that covers both use cases. > > In section 4, I suggest changing > > “the receiver MUST make sure that the message imprint in the embedded > timestamp token matches either the payload or the signature fields, depending > on the mode of use” > > to something like > > “the receiver MUST make sure that the message imprint in the embedded > timestamp token matches a hash of the payload, signature, or signatures > field, depending on the mode of use and type of COSE structure” Your suggestions make total sense. They are tracked at https://github.com/ietf-scitt/draft-birkholz-cose-tsa-tst-header-parameter/issues/13 cheers, thank you! _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
