Hi Brian,

On 2026-02-23, at 16:13, Sipos, Brian J. <[email protected]> wrote:
>
> WG,
> I have a need to associate some key restriction metadata with a COSE Key
> value, specifically valid time restrictions equivalent to “not before” or
> “not after” times. One option is to keep this metadata outside of but
> alongside each COSE Key, another is to somehow embed these as key common
> parameters. Is this something that has come up in other contexts and there
> really is common use? Or are these kinds of restriction (the exact
> parameters) too use-case-specific?

One interesting question is whether the parameters apply to the key itself or are, e.g., authorization consequences that apply once the key has been used, say, in a proof-of-possession or signature operation. Authorization consequences can change easily without the key or its parameters changing and are also typically highly application specific, so they probably should not be packaged within the key.

There are guard rails for the authorization consequences in Table 5 (key_ops); similar to RFCs 7517 these are not coupled to a registry (a mistake, I tend to think).

Grüße, Carsten
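
The "outside of but alongside" option from the question, sketched as an added example that is not part of the original thread or of any COSE specification. The record layout and the names not_before, not_after, may_use and with_new_window are hypothetical; only the COSE_Key labels and key_ops values are taken from RFC 9052.

```python
import time

# COSE_Key common parameter labels and key_ops values from RFC 9052.
KTY, KID, KEY_OPS = 1, 2, 4
OP_SIGN, OP_VERIFY = 1, 2


def key_permits(cose_key, op):
    """Check key_ops; a key without key_ops is treated here as unrestricted."""
    ops = cose_key.get(KEY_OPS)
    return ops is None or op in ops


def within_validity(restriction, now):
    """Check the time window held outside the key; either bound may be None."""
    not_before = restriction.get("not_before")  # hypothetical field name
    not_after = restriction.get("not_after")    # hypothetical field name
    if not_before is not None and now < not_before:
        return False
    if not_after is not None and now > not_after:
        return False
    return True


def may_use(record, op, now=None):
    """Allow an operation only if both the key and its side metadata agree."""
    now = time.time() if now is None else now
    return key_permits(record["key"], op) and within_validity(record["restriction"], now)


def with_new_window(record, not_before, not_after):
    """Replace the validity window; the COSE_Key map is reused unchanged."""
    return {"key": record["key"],
            "restriction": {"not_before": not_before, "not_after": not_after}}


# Constructed sample record (EC2 key type, key material omitted for brevity).
RECORD = {
    "key": {KTY: 2, KID: b"example-key-1", KEY_OPS: [OP_VERIFY]},
    "restriction": {"not_before": 1_770_000_000, "not_after": 1_780_000_000},
}
```

Because the window lives beside the COSE_Key map rather than inside it, with_new_window changes the restriction without altering the encoded key or its kid.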
