Just to highlight this and make it concrete. COSE did the same thing in defining optional tags that can be used. Looking at the CWT document, the tags are being used because without the tag one cannot tell what the security operation is that is being used. However the OAuth-Authz draft is using the COSE_Encrypt object without a tag because there are other indications (the name in the map) such that which COSE object is being used is clearly defined.
I expect similar usages to occur with CWT in the future. -----Original Message----- From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Jim Schaad Sent: Thursday, October 19, 2017 2:14 PM To: 'Carsten Bormann' <c...@tzi.org>; 'Hannes Tschofenig' <hannes.tschofe...@arm.com> Cc: 'Mike Jones' <michael.jo...@microsoft.com>; ace@ietf.org Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag The type of location where it might show up is where one does a value that is placed in an array where it can be either an A or a B and you use the tag to distinguish between the two options. This can be very useful in those cases. > -----Original Message----- > From: Carsten Bormann [mailto:c...@tzi.org] > Sent: Thursday, October 19, 2017 1:32 PM > To: Hannes Tschofenig <hannes.tschofe...@arm.com> > Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad > <i...@augustcellars.com>; ace@ietf.org > Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag > > On Oct 19, 2017, at 21:30, Hannes Tschofenig > <hannes.tschofe...@arm.com> wrote: > > > > For the cost saving of one byte we are essentially introduction > > options > here. I am wondering whether this byte is worth it. > > Two bytes. > > It’s not really an option, as in every context there will be a single > right way to do this. > But yes, there are naked and tagged CWTs now. > > (If we only define the tagged version, very quickly there will be > specs that define a “compressed CWT” that just leaves out those first > two bytes…) > > Grüße, Carsten _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
