>> >> > Are you trying to implement an embedded detached signature?
>> >> The proper term is rather enveloped signature. It was featured in XML DSig.
>> CSF is code-wise between 1 and 2 magnitudes simpler.
>>
On 26. Aug 2024, at 20:07, Orie Steele <orie@transmute.industries> wrote:
> Do you have an IETF citation for this?
>
> Seems like a misuse of "enveloped" in the context of
> https://datatracker.ietf.org/doc/html/rfc9052#name-enveloped-cose-structure

(Summarizing some discussion that happened over at cbor@ in the meantime:)

CMS (PKCS#7) uses “enveloped” in the sense of “built into an envelope”, which might be called “enveloping” in other environments (which then go on to use “enveloped” for an opposite!). I think it was rather natural for Jim to have COSE use the CMS terminology that should be familiar to IETFers. See also RFC 4949 under $ digital envelope, which unfortunately doesn’t go far enough to discuss the two terms “enveloped” and “enveloping”.

I (and I think by now their proponent over in cbor@, Anders) prefer to call XMLDSig’s “enveloped signatures” by a less ambiguous term, “embedded signatures”. These are the ones that can require deterministic representation (of which the deterministic serialization part is rather easy to do in CBOR) plus a transform specification (not that easy in the general case where you may have embedded signatures all over the place in the data item, some of which actually are countersignatures).

Grüße, Carsten

_______________________________________________
COSE mailing list -- cose@ietf.org
To unsubscribe send an email to cose-le...@ietf.org
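Added example, not part of the original message and not taken from COSE, CSF or XML DSig: an embedded signature in the sense discussed above, in Python, where the transform removes one top-level signature entry and the remainder is serialized as deterministic CBOR (shortest-form heads, map keys sorted bytewise). The `signature` label, the function names and HMAC-SHA256 standing in for a real signature algorithm are assumptions; nested embedded signatures and countersignatures are not handled.

```python
import hashlib
import hmac

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus shortest-form argument (RFC 8949, 4.2.1)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def det_encode(obj) -> bytes:
    """Deterministic CBOR for ints, bytes, text, lists and maps only."""
    if isinstance(obj, bool):
        raise TypeError("bool is not supported here")
    if isinstance(obj, int):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(det_encode(x) for x in obj)
    if isinstance(obj, dict):
        # Map entries are ordered bytewise by their encoded keys.
        items = sorted((det_encode(k), det_encode(v)) for k, v in obj.items())
        return _head(5, len(obj)) + b"".join(k + v for k, v in items)
    raise TypeError(f"unsupported type {type(obj).__name__}")

SIG_KEY = "signature"  # assumed label for the embedded signature entry

def to_be_signed(doc: dict) -> bytes:
    """The transform: drop the top-level signature entry, then serialize."""
    return det_encode({k: v for k, v in doc.items() if k != SIG_KEY})

def sign(doc: dict, key: bytes) -> dict:
    # HMAC-SHA256 is a stand-in for a real signature algorithm.
    tag = hmac.new(key, to_be_signed(doc), hashlib.sha256).digest()
    return {**doc, SIG_KEY: tag}

def verify(doc: dict, key: bytes) -> bool:
    tag = doc.get(SIG_KEY)
    if not isinstance(tag, bytes):
        return False  # missing or malformed signature entry
    expected = hmac.new(key, to_be_signed(doc), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)
```

Because verification re-serializes the parsed item, a signed document survives re-encoding with a different key order, which is the property the deterministic representation provides.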