Open deeglaze opened 1 month ago
The CoRIM specification requires a tagged-unsigned-corim in the payload according to the CDDL. I don't think it should be required sign the content-type in the protected headers is enough context for the signature.
Either a spec flaw or an implementation bug...
Filed https://github.com/ietf-rats-wg/draft-ietf-rats-corim/pull/332 as well.
deeglaze
commented
1 month ago
The CoRIM specification requires a tagged-unsigned-corim in the payload according to the CDDL. I don't think it should be required sign the content-type in the protected headers is enough context for the signature.
Either a spec flaw or an implementation bug...