cose-wg / X509

Define a set of COSE header fields that can be used to carry and reference X.509 certificates

Require DER encoding for x5t #21

Closed laurencelundblade closed 3 years ago

laurencelundblade commented 4 years ago

Since the data is being hashed, it has to be in a canonical form, so it should specify DER encoding.

jimsch commented 4 years ago

No, that is not correct. The form to be hashed is whatever is signed and there. Forcing a re-encode to DER is known to generate errors. This is standard behavior in the X.509 world.

laurencelundblade commented 4 years ago

Is x5t the hash of the leaf cert in x5bag or x5chain? If so, that would explain why most of my comments are not making sense.

I interpreted it as another way to identify a cert similar to x5bag. I was going to say that it needs to be an array like x5bag.

Pretty sure x5t needs some clarification.

laurencelundblade commented 3 years ago

This is fixed in the -08 draft which actually says x5t is a hash over DER.
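The point the thread turns on, as an added example that is not from the thread participants or the draft: a thumbprint only matches when both sides hash identical bytes, so a verifier compares x5t against each candidate exactly as carried rather than against a re-encoded copy. The function names and the byte strings are assumptions made for illustration; the byte strings are tiny constructed ASN.1 values standing in for certificates, and a COSE_CertHash is modelled as a plain `[hashAlg, hashValue]` list instead of CBOR.

```python
import hashlib
import hmac

# COSE hash algorithm identifiers (RFC 9054) -> (hashlib name, output length in bytes)
COSE_HASH_ALGS = {
    -16: ("sha256", 32),  # SHA-256
    -15: ("sha256", 8),   # SHA-256/64: SHA-256 truncated to 64 bits
}


def x5t(cert_bytes, alg=-16):
    """Build a [hashAlg, hashValue] pair over cert_bytes exactly as given."""
    name, length = COSE_HASH_ALGS[alg]
    return [alg, hashlib.new(name, cert_bytes).digest()[:length]]


def find_by_x5t(cert_hash, candidates):
    """Return the candidates whose bytes, hashed as carried, match cert_hash."""
    alg, value = cert_hash
    if alg not in COSE_HASH_ALGS:
        raise ValueError(f"unsupported hash algorithm {alg}")
    # Constant-time comparison; no candidate is parsed or re-encoded first.
    return [c for c in candidates
            if hmac.compare_digest(x5t(c, alg)[1], value)]


# Constructed stand-ins, NOT real certificates.
DER_FORM = bytes.fromhex("3003020105")    # SEQUENCE { INTEGER 5 }, short-form length
BER_FORM = bytes.fromhex("308103020105")  # same value, long-form length: valid BER, not DER
OTHER = bytes.fromhex("3003020106")       # SEQUENCE { INTEGER 6 }

if __name__ == "__main__":
    print("DER thumbprint:", x5t(DER_FORM)[1].hex())
    print("BER thumbprint:", x5t(BER_FORM)[1].hex())
    print("matches for DER thumbprint:",
          [c.hex() for c in find_by_x5t(x5t(DER_FORM), [BER_FORM, OTHER, DER_FORM])])
```

The two encodings describe the same abstract value yet produce different thumbprints, so a lookup keyed on one never finds the other.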