Ok, I see what you mean now! In the cBRSKI case, the creator of the signed voucher could include any CWT claims it wants/needs in this way.
thanks Esko -----Original Message----- From: Carsten Bormann <[email protected]> Sent: woensdag 5 maart 2025 12:36 To: Esko Dijk <[email protected]> Cc: [email protected] Subject: Re: [COSE] Simple numeric timestamp in COSE header (RFC 8392 "iat" style) > On 2025-03-05, at 11:13, Esko Dijk <[email protected]> wrote: > > > Would sticking in a CWT (COSE label 15) header parameter with a sole iat > > claim (CWT label 6) in it work for you? > > For the cBRSKI case, the COSE payload is a CBOR "voucher" as defined by > draft-ietf-anima-rfc8366bis. This doesn't use the CWT format. > Therefore the idea was to use the COSE parameters to carry extra information, > which can't fit into the "voucher”. Indeed, I picked up this idea and proposed using COSE header parameter 15 (RFC 9597). This COSE header is unrelated to any payload (being CWT or not). It carries a CWT Claims Set (CCS or UCCS (**)), not a CWT. So the protected header would look like this: <<{ /… other header parameters / /uccs/ 15: {/iat/ 6: 1741173870 / 2025-03-05T11:24:30Z /} }>> or h’A10FA1061A67C8346E' \ \ \___________uint 1741173870 \ \________________________________{6: /iat/ \_____________________________________________{15: /uccs/ An unprotected CWT claims set (UCCS) is fine here because it is carried in a COSE protected header. Grüße, Carsten (**): Tag 601 can also be used to identify a UCCS inside a larger datastructure: https://datatracker.ietf.org/doc/draft-ietf-rats-uccs/ but in this case the marking as COSE header parameter 15 is sufficient. _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
