Hi Carsten,

the CDDL snippet you highlighted is imported from RFC9393, actually, and that is an RFC.


Best regards,

Henk

On 04.03.25 17:55, Carsten Bormann wrote:
Hi Orie,

What happens if the resolved file has the correct hash, but incorrect file size?

You invoke crypto agility and choose a better hash function :-)
(I understand Ilari’s argument that being able to limit the file size before 
computing the hash can help mitigate DoS.)

I wonder if there is some CBOR related filesystem RFC that could provide the 
file size and other relevant metadata.

    file-entry = {
      filesystem-item,
      ? size => uint,
      ? file-version => text,
      ? hash => hash-entry,
      * $$file-extension,
      global-attributes,
    }

Not an RFC yet, but pretty advanced already:
https://www.ietf.org/archive/id/draft-ietf-rats-corim-07.html#appendix-A-1

Regards, Carsten

_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
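
The point raised in the thread about bounding the file size before hashing, as an added example that is not part of the original messages: a streaming verifier that rejects an entry whose declared size exceeds local policy and stops reading one byte past the declared size. The dict form of `file-entry`, the names `verify_file_entry`, `demo` and `MAX_SIZE`, and the rule that `size` and `hash` are both required are assumptions of this example.

```python
import hashlib
import hmac
import io

# hash-alg-id values as in the IANA Named Information Hash Algorithm Registry
HASH_ALGS = {1: "sha256", 7: "sha384", 8: "sha512"}
MAX_SIZE = 1 << 20   # local policy cap in bytes (constructed value)
CHUNK = 64 * 1024


def verify_file_entry(entry, stream, max_size=MAX_SIZE):
    """Check stream against entry; return (ok, reason, bytes_read)."""
    size, hash_entry = entry.get("size"), entry.get("hash")
    # Policy assumption: both optional fields are required by this verifier.
    if size is None or hash_entry is None:
        return False, "size and hash required", 0
    if size > max_size:
        return False, "declared size exceeds policy", 0
    alg_id, expected = hash_entry
    if alg_id not in HASH_ALGS:
        return False, "unsupported hash algorithm", 0
    digest = hashlib.new(HASH_ALGS[alg_id])
    total = 0
    while True:
        # Read at most one byte past the declared size, then stop.
        chunk = stream.read(min(CHUNK, size + 1 - total))
        if not chunk:
            break
        total += len(chunk)
        if total > size:
            return False, "content longer than declared size", total
        digest.update(chunk)
    if total != size:
        return False, "content shorter than declared size", total
    if not hmac.compare_digest(digest.digest(), expected):
        return False, "hash mismatch", total
    return True, "ok", total


def demo():
    data = b"constructed sample payload"   # constructed input
    h = (1, hashlib.sha256(data).digest())
    entry = {"size": len(data), "hash": h}
    short = {"size": len(data) - 1, "hash": h}   # right hash, wrong size
    return {
        "match": verify_file_entry(entry, io.BytesIO(data)),
        "wrong_size": verify_file_entry(short, io.BytesIO(data)),
        "flood": verify_file_entry(entry, io.BytesIO(data + b"A" * 1_000_000)),
        "huge_claim": verify_file_entry({"size": MAX_SIZE + 1, "hash": h}, io.BytesIO(data)),
    }
```

In the `flood` case the verifier consumes only 27 of the roughly one million bytes offered, which is the resource bound the declared size buys.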
