I don't particularly find this tone helpful, but solely from a "correcting the record standpoint" I would say *some* Verifiable Credential cases might choose to use the data integrity path. Others might use COSE with typ headers
https://www.w3.org/TR/vc-jose-cose/#securing-vcs-with-cose On Sat, Mar 8, 2025, 10:03 Anders Rundgren <[email protected]> wrote: > On 2025-03-06 18:38, Carsten Bormann wrote: > > On 2025-03-06, at 17:13, Anders Rundgren <[email protected]> > wrote: > >> > >> Q: How do you accomplish this in COSE? > > > > For instance, using the header parameter “typ” (16), see RFC 9596. > > Thanx! > > RFC 9596 is a pathetic workaround to fix a self-inflicted issue 🤡 > > Effectively COSE does NOT support tagged objects in a reasonable way. > > Enveloped signatures OTOH, are compatible with systems using tagging for > all kinds of objects, signed or not. > > This is what the Verified Credentials folks want to do: > > https://www.w3.org/TR/vc-data-integrity/#example-a-simple-signed-json-data-document > However, due to ideas like "canonicalization doesn't work" they [probably] > end-up with the usual JWT base&4Url c**p anyway. > > With CBOR, we can finally give these people what they *really* want! > Isn't that good? 😀 > > Anders > > > RFC 9052 header parameter “content type” (3) solves a related, but > different problem. > > > > Grüße, Carsten > > > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
