PM
> > To: Hannes Tschofenig <hannes.tschofe...@arm.com>
> > Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad
> > <i...@augustcellars.com>; ace@ietf.org
> > Subject: Re: [Ace] draft-ietf-ace-cbor-web-token-08 - CWT CBOR Tag
> >
> > On Oct 19
ormann [mailto:c...@tzi.org]
> Sent: Thursday, October 19, 2017 1:32 PM
> To: Hannes Tschofenig <hannes.tschofe...@arm.com>
> Cc: Mike Jones <michael.jo...@microsoft.com>; Jim Schaad
> <i...@augustcellars.com>; ace@ietf.org
> Subject: Re: [Ace] draft-ietf-ace-cbor-web
.
-- Mike
-Original Message-
From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Carsten Bormann
Sent: Thursday, October 19, 2017 10:05 AM
To: Jim Schaad <i...@augustcellars.com>
Cc: Hannes Tschofenig <hannes.tschofe...@arm.com>; ace@ietf.org
Subject: Re: [Ace] draft-ietf-
On Oct 19, 2017, at 18:41, Jim Schaad wrote:
>
> • I already know that this is going to be a CWT so I save a byte.
> • I don’t know so I waste a tag byte in that case.
Right. In REST protocols, we usually have a media type, so we don’t need the
CBOR Tag.
Hi Hannes,
This is how I think it should be done.
There are two keys that needs to be identified, the key to verify the CWT
and the key to use for the DTLS handshake.
When it comes to verifying the CWT, it is the AS key that should be used. I
don´t think it is unreasonable to assume that the AS
We have no plans to use external data in CWT. As you pointed out it would
move us further form JWT something that we have actively tried to avoid.
On Mon, Jun 26, 2017 at 8:57 AM Jim Schaad wrote:
> Are the authors planning to do anything with the external data option
Are the authors planning to do anything with the external data option that
is part of the COSE specification? I realize that this is not part of JWT
and thus including it would lead to a difference between the specifications,
but as I was working to try and get my CWT implementation the question