veraison / corim

CoRIM and CoMID manipulation library and CLI
Apache License 2.0
9 stars 7 forks source link

FromCOSE payload type not tagged unsigned-corim #131

Open deeglaze opened 1 month ago

deeglaze commented 1 month ago

The CoRIM specification requires a tagged-unsigned-corim in the payload according to the CDDL. I don't think it should be required sign the content-type in the protected headers is enough context for the signature.

Either a spec flaw or an implementation bug...

deeglaze commented 1 month ago

Filed https://github.com/ietf-rats-wg/draft-ietf-rats-corim/pull/332 as well.