w3c / websec

Web security drafts

Confirm method (by KM) #118

Closed vgalindo closed 8 years ago

vgalindo commented 8 years ago

Section 4.1.4.1: The Confirm Method Text: This step can be bypassed if the user has registered a preferred key for this origin, but then the key should be presented with the NRMessage. Question: What is the difference between “NRMessage” and “data”? Also, Confirm method seems to be very similar to Sign method and does not seem to be necessary.

sbahloul commented 8 years ago

NRMessage stands for Non-Repudiation Message. It is the piece of information that the Trusted UI component should display and to which the end-user should agree.

The data can be much larger (for example a PDF document) and will be signed with the same key at the same time. But because the data presentation cannot be managed in the Trusted UI environment, the signed data should be considered as an additional piece of trust, based on the main and accepted trust proof, which will be the non-repudiation message signature.

sbahloul commented 8 years ago

@Ketan2016: do you agree with the explanation?

Ketan2016 commented 8 years ago

Yes, I am good with the explanation.