There is a way to embed CWT Claims in a header (preferably protected): https://datatracker.ietf.org/doc/rfc9597/, which you could use in the layer-0, and where you could set nbf and exp, but that would not be confidential of course.
I am also interested in an interoperable way to encode COSE_Key validity information, in the context of SCITT Statement Sequences. Amaury ________________________________ From: Sipos, Brian J. <[email protected]> Sent: 14 November 2025 02:59 To: cose <[email protected]> Subject: [EXTERNAL] [COSE] COSE equivalent to CMS Key Packages All, I would like to be able to securely and confidentially transport key material in a way similar to the CMS Encrypted Key Package [1] for symmetric and asymmetric key material and attributes, but without needing the ASN.1 infrastructure. There are many possible ways to do this, and I’m interested in getting feedback for what may already exist or have already been experimented with. The first thing that came to mind is simply enveloping a COSE_Key within a COSE_Encrypt and using the layer-0 header “content type” (3) with value “application/cose-key” (101). This would serve the minimal purpose but would rely on the COSE_Key to have all needed attributes, and right now there are no key common parameters to reflect things like starting and ending validity time. The next I looked at was using an encrypted CWT, which can contain a COSE_Key as a cnf (8) claim along with other attributes like validity time, which is structurally similar to what I’m interested in but the semantics are backwards. Rather than conveying private key material, the cnf claim is meant to prove pre-existing possession of private key material. So it seems like maybe the thing I’m looking for does not yet exist in an interoperable way. Any suggestions for what may already exist for this kind of thing? Brian S. [1] https://www.rfc-editor.org/rfc/rfc6032.html
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
