On 2022-08-24, at 19:20, Toerless Eckert <[email protected]> wrote:
>
> data-to-be-signed = [session-id, initiator, ?locator-option, objective ]

That is getting closer to my question “what does it mean for (something) to be signed”?

Apparently, this is a statement from an initiator, valid within the session-id, optionally scoped to the locator option, and expressed in the objective.

These four are picked out of the message. The mechanism is specific to M_FLOOD and needs to be re-done for any other message type.

The signed-data is missing a freshness component, which is either an absolute timestamp (like CWT exp, possibly enhanced with nbf/iat info) or an epoch marker.

We want the objective to stand alone for forward compatibility; hence the signature would have a detached payload.

What I don’t understand is why the signature then needs to be encoded as part of the objective. Why can’t I sign a combination of objectives that are only valid as that combination?

Regards, Carsten

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
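
An added example, not part of the message above or of any GRASP/ANIMA draft: it shows a detached tag over `[session-id, initiator, ?locator-option, objective]` and why a captured flood replays forever unless a freshness value is also covered. HMAC-SHA256 stands in for the signature algorithm and JSON for CBOR; the `exp` field, the key and all sample values are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: HMAC key standing in for a signing key


def to_be_signed(session_id, initiator, objective, locator=None, exp=None):
    """Serialize [session-id, initiator, ?locator-option, objective] (+ optional exp)."""
    fields = [session_id, initiator]
    if locator is not None:
        fields.append(locator)
    fields.append(objective)
    if exp is not None:
        fields.append({"exp": exp})  # assumption: freshness as an absolute expiry
    return json.dumps(fields, separators=(",", ":")).encode()


def sign(session_id, initiator, objective, locator=None, exp=None):
    """Return a detached tag; the objective itself is carried unchanged."""
    tbs = to_be_signed(session_id, initiator, objective, locator, exp)
    return hmac.new(KEY, tbs, hashlib.sha256).digest()


def verify(tag, now, session_id, initiator, objective, locator=None, exp=None):
    """Recompute the tag from the received fields and enforce exp when present."""
    expected = sign(session_id, initiator, objective, locator, exp)
    if not hmac.compare_digest(tag, expected):
        return False
    return exp is None or now <= exp


# Constructed sample values, not taken from any real flood message.
SESSION, INITIATOR = 4711, "2001:db8::1"
OBJECTIVE = ["EX:demo", 0, 6, "value"]


def demo():
    no_exp = sign(SESSION, INITIATOR, OBJECTIVE)
    with_exp = sign(SESSION, INITIATOR, OBJECTIVE, exp=1060)
    return {
        "replay_without_exp": verify(no_exp, 5000, SESSION, INITIATOR, OBJECTIVE),
        "fresh_with_exp": verify(with_exp, 1030, SESSION, INITIATOR, OBJECTIVE, exp=1060),
        "replay_with_exp": verify(with_exp, 5000, SESSION, INITIATOR, OBJECTIVE, exp=1060),
        "tampered": verify(with_exp, 1030, SESSION, INITIATOR, ["EX:demo", 0, 6, "other"], exp=1060),
    }


if __name__ == "__main__":
    print(demo())
```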
