Hi Tobias, Thanks for your feedback. A few remarks below.
Encrypted CWTs - In some circumstances CWT claims can be useful to have available for processing prior to decryption. For example the iss claim can be used to indicate to a recipient of an encrypted CWT how it should be decrypted, by informing the recipient who encrypted (and potentially signed) it. [hannes] There is already a field in COSE that allows you to identify the key, namely the kid. (key identity) Detached Signature - In cases where a detached signature COSE structure is being used the payload can be un-available (or of invalid form) to express CWT claims. A concrete example is being able to express who signed the detached signature structure (using the iss claim) and when it expires (using the exp claim). [hannes] Can you show me how this looks like? Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
