Hi Esko, > On 2025-03-05, at 09:40, Esko Dijk <[email protected]> wrote: > > Hi all, > > Based on cBRSKI work in the ANIMA WG (which uses COSE-Sign1 data objects) the > question came up if the COSE signature can be timestamped in a simple way. > "Simple" meaning here a single numeric uint value in seconds, something like > defined in RFC 8392 for the "iat" claim for CWTs in Section 3.1.6. > > This has the benefit that a constrained device can relatively easily parse it > - no codebase needed to parse strings, timezones, etc. Timezone is always UTC.
Definitely useful. Would sticking in a CWT (COSE label 15) header parameter with a sole iat claim (CWT label 6) in it work for you? That’s what we’ve been recently recommending. It does cost two extra bytes (assuming a IAT header parameter would get a single-byte number), but seems to meet the requirements you stated otherwise. > So this would rule out the use of draft-ietf-cose-tsa-tst-header-parameter > defined protected header parameter. tsa-tst is for the case when you already have a traditional RFC 3161 TSA in your picture, which it seems you don’t. Grüße, Carsten _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
