On Mon, Mar 03, 2025 at 02:27:06PM -0600, Orie Steele wrote: > Hi, > > I understand there is a desire to add the file size (in octets) to the > protected header, and to register a new header parameter. > > The existing header parameters are hints for resolving the file (location > and content type). > > This file size parameter, is file metadata, and is partly redundant to the > file hash, since the hash is commiting to the exact file bytes. > > Having a file size enables a party with a hash envelope to decide if the > size is too large to even attempt to use the location and content type.
I was thinking of preallocating the space for the file, and being able to instantly close transfer if the server (which is untrusted!) gives too large file (e.g., for DoS). > Is the file name important? I can't offhand figure out any use for that. > What happens if the resolved file has the correct hash, but incorrect file > size? Fail transfer as soon as incorrect size is received (as soon as HTTP Content-Length is received, when file cuts off prematurely, or file continues past where it should end). -Ilari _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
