The manifest creator role belongs to the unsigned-corim, whereas the signer role (and its associated metadata) should be hosted at the unsigned-corim level.
This goes towards a cleaner separation between the crypto&transport layer provided by signed-corim (i.e., the COSE Sign1 envelope) and the semantic layer provided by unsigned-corim.
The manifest creator role belongs to the
unsigned-corim, whereas the signer role (and its associated metadata) should be hosted at theunsigned-corimlevel.This goes towards a cleaner separation between the crypto&transport layer provided by
signed-corim(i.e., the COSE Sign1 envelope) and the semantic layer provided byunsigned-corim.