veraison / go-cose

go library for CBOR Object Signing and Encryption (COSE)
Mozilla Public License 2.0

Add claims validation consistently #186

Closed SteveLasker closed 1 week ago

SteveLasker commented 5 months ago
> It could be argued this is essential to do, before merging this.

_Originally posted by @OR13 in https://github.com/veraison/go-cose/pull/183#discussion_r1467926710_

OR13 commented 5 months ago

If we do validation, we should do it based on risk assessment.

There needs to be an argument for "why" we added extra validation logic.

And we need to be sure that we do not overstep the validation and create interoperability issues.

yogeshbdeshpande commented 5 months ago

We should prioritise what validation we need to do. It is unrealistic to do validation of every element; however, certain elements are essential to be validated!

Need to do analysis of which ones are a priority and then proceed with a PR!

OR13 commented 1 week ago

Let's leave claims validation to the callers, and reduce the code we must maintain.