> On 2025-03-05, at 11:13, Esko Dijk <[email protected]> wrote:
>
> > Would sticking in a CWT (COSE label 15) header parameter with a sole iat
> > claim (CWT label 6) in it work for you?
>
> For the cBRSKI case, the COSE payload is a CBOR "voucher" as defined by
> draft-ietf-anima-rfc8366bis. This doesn't use the CWT format.
> Therefore the idea was to use the COSE parameters to carry extra information,
> which can't fit into the "voucher”.
Indeed, I picked up this idea and proposed using COSE header parameter 15 (RFC
9597). This COSE header is unrelated to any payload (being CWT or not).
It carries a CWT Claims Set (CCS or UCCS (**)), not a CWT.
So the protected header would look like this:
<<{ /… other header parameters /
/uccs/ 15: {/iat/ 6: 1741173870 / 2025-03-05T11:24:30Z /}
}>>
or h’A10FA1061A67C8346E'
\ \ \___________uint 1741173870
\ \________________________________{6: /iat/
\_____________________________________________{15: /uccs/
An unprotected CWT claims set (UCCS) is fine here because it is carried in a
COSE protected header.
Grüße, Carsten
(**): Tag 601 can also be used to identify a UCCS inside a larger datastructure:
https://datatracker.ietf.org/doc/draft-ietf-rats-uccs/
but in this case the marking as COSE header parameter 15 is sufficient.
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
