On Oct 26, 2017, at 03:40, Thiago Macieira <[email protected]> wrote: > > Also note that COSE requires that the protected maps also conform to the > canonical format (RFC 7049 section 3.9), but our map doesn't.
Actually, COSE doesn’t require that. The fact that we didn’t want to require canonicalization of the map is the exact reason we use cbor-in-cbor: The sender can encode in any way you want, but the resulting exact byte string becomes part of the signed message. (There are some minimal canonicalization requirements in the way the signing inputs are constructed, but that is for an array only — any implementation should almost automatically put out canonical format here — and never crosses the wire. See section 4.4 of RFC 8152.) Grüße, Carsten _______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
