Hi Orie,

> What happens if the resolved file has the correct hash, but incorrect file 
> size?

You invoke crypto agility and choose a better hash function :-)
(I understand Ilari’s argument that being able to limit the file size before 
computing the hash can help mitigate DoS.)

> I wonder if there is some CBOR related filesystem RFC that could provide the 
> file size and other relevant metadata.

   file-entry = {
     filesystem-item,
     ? size => uint,
     ? file-version => text,
     ? hash => hash-entry,
     * $$file-extension,
     global-attributes,
   }

Not an RFC yet, but pretty advanced already:
https://www.ietf.org/archive/id/draft-ietf-rats-corim-07.html#appendix-A-1

Regards, Carsten
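
The size-before-hash point from this message, as an added example that is not part of the original mail or of the CoRIM draft: a streaming verifier that uses the `size` field to bound how much data is ever read or hashed. Assumptions: the file-entry is already decoded into a dict, `hash` is simplified to a raw SHA-256 digest, and `verify_file`, `CHUNK` and `POLICY_MAX` are hypothetical names.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024            # read granularity (assumption)
POLICY_MAX = 16 * 1024 ** 2  # verifier's own ceiling, independent of the manifest (assumption)


def verify_file(stream, entry, policy_max=POLICY_MAX):
    """Check a byte stream against {"size": int, "hash": bytes}.

    Returns (verdict, bytes_hashed) so the work done on bad input is visible.
    """
    size = entry.get("size")  # optional in the CDDL; this verifier insists on it
    if size is None:
        return "reject: no declared size", 0
    if size > policy_max:
        return "reject: declared size exceeds policy", 0  # nothing read or hashed

    h = hashlib.sha256()
    seen = 0
    while True:
        # Never request more than one byte past the declared size.
        chunk = stream.read(min(CHUNK, size - seen + 1))
        if not chunk:
            break
        seen += len(chunk)
        if seen > size:
            # Stop before hashing the chunk that crossed the limit.
            return "reject: longer than declared size", seen - len(chunk)
        h.update(chunk)

    if seen != size:
        return "reject: shorter than declared size", seen
    if not hmac.compare_digest(h.digest(), entry["hash"]):
        return "reject: hash mismatch", seen
    return "ok", seen


if __name__ == "__main__":
    good = b"A" * 100_000  # constructed sample input
    entry = {"size": len(good), "hash": hashlib.sha256(good).digest()}
    print(verify_file(io.BytesIO(good), entry))
    print(verify_file(io.BytesIO(good + b"B" * 1_000_000), entry))
```

With the constructed input above, the oversized stream is rejected after one 64 KiB chunk has been hashed, however long the stream actually is.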

_______________________________________________
COSE mailing list -- [email protected]