Each RAMF message type should be assigned an OID and that OID should be the first item in the sequence that gets signed. This would prevent against an attack where the type of a RAMF message is changed.
I believe the probability and impact are both low. In fact, I don't think this attack can work with the current RAMF messages being as all payloads are very different to each other, but this is a good practice and we might have future RAMF messages with compatible payloads.
Each RAMF message type should be assigned an OID and that OID should be the first item in the sequence that gets signed. This would prevent against an attack where the type of a RAMF message is changed.
I believe the probability and impact are both low. In fact, I don't think this attack can work with the current RAMF messages being as all payloads are very different to each other, but this is a good practice and we might have future RAMF messages with compatible payloads.