Hi Med, On Mon, 28 Apr 2025 at 12:16, Thomas Fossati <[email protected]> wrote: > > # Hash details: can we have an authoritative reference to zoom more about > > how > > the hash is computed/validated? > > > > CURRENT: > > The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be > > the hash of the payload of the COSE signed object. > > I see the mild ambiguity here. I believe we can make it more crisp by > adding "field" as follows: > > NEW: > The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be > the hash of the "payload" field of the COSE signed object. ^^^^^^^^^^^^^^^ I retract the (incorrect) suggestion I made above.
The sentence that follosw the one you highlighted: This does not include the bstr-wrapping, only the payload bytes. should provide enough precision about what is captured by the hash. cheers! t _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
