On 2025-03-06 18:38, Carsten Bormann wrote:
On 2025-03-06, at 17:13, Anders Rundgren <[email protected]> wrote:
Q: How do you accomplish this in COSE?
For instance, using the header parameter “typ” (16), see RFC 9596.
Thanx!
RFC 9596 is a pathetic workaround to fix a self-inflicted issue 🤡
Effectively COSE does NOT support tagged objects in a reasonable way.
Enveloped signatures OTOH, are compatible with systems using tagging for all
kinds of objects, signed or not.
This is what the Verified Credentials folks want to do:
https://www.w3.org/TR/vc-data-integrity/#example-a-simple-signed-json-data-document
However, due to ideas like "canonicalization doesn't work" they [probably] end-up
with the usual JWT base&4Url c**p anyway.
With CBOR, we can finally give these people what they *really* want! Isn't
that good? 😀
Anders
RFC 9052 header parameter “content type” (3) solves a related, but different
problem.
Grüße, Carsten
_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]
