Hi, https://www.rfc-editor.org/errata/eid8390
I believe this errata should be verified. The reason is that in JOSE we have have: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-header-parameters "x5t" & "x5t#S256" In COSE we have: https://datatracker.ietf.org/doc/html/rfc9360#section-2-5.6.1 There is no need for the "#S256" part, because x5t in COSE uses "COSE_CertHash", where the first array element is used to signal the hash function used for the thumbprint... and indeed, you should not be using sha1 these days. Regards, OS, as an author of RFC 9679
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
