As mentioned in https://mailarchive.ietf.org/arch/msg/cose/pvLdj1lp75I3SiScI4yx_J1ird8/ we register codepoints for NIST algorithms that have a different bit order than implementations have traditionally expected. That thread concerns the issue as it relates to ECDSA, that is defined to act on bit strings rather than byte strings, though most IETF protocols deal only in byte strings (for which there does not seem to be any real controversy). Are there situations where cose hash algorithms need to be treated as bit strings that might merit a disclaimer about SHA-3 needing special handling?
If memory serves me well, this was supposed to be closed as most of our documents don't include such a disclaimer and adding one here might lead to more confusion.
As mentioned in https://mailarchive.ietf.org/arch/msg/cose/pvLdj1lp75I3SiScI4yx_J1ird8/ we register codepoints for NIST algorithms that have a different bit order than implementations have traditionally expected. That thread concerns the issue as it relates to ECDSA, that is defined to act on bit strings rather than byte strings, though most IETF protocols deal only in byte strings (for which there does not seem to be any real controversy). Are there situations where cose hash algorithms need to be treated as bit strings that might merit a disclaimer about SHA-3 needing special handling?