Hi Laurence,

> Laurence Lundblade <lgl@xxxxxxxxxxxxxxxxx> wrote:
>
> We could provide a base constrained device profile in the EAT document:
>
> 7.2.1 - CBOR only (no JSON)
> 7.2.2 - No indefinite-length maps or arrays
> 7.2.3 - No indefinite-length strings
> 7.2.4 - Preferred encoding required
> 7.2.5 - COSE_Sign1 protection
> 7.2.6 - Receiver must accept ES256, ES384 and ES512. Sender must
>         send one of these.
> 7.2.7 - DEB is not used
> 7.2.8 - UEID serves as a verification key identifier (a bit awkward as
>         the unverified token contents must be decoded to get the key
>         to verify the contents)
> 7.2.9 - (Not sure what to recommend for Endorsement identification)

We can leave it open for now. Common best practices will emerge in time.

> 7.2.10 - A new single unique nonce is used for every token request
> 7.2.11 - 7.2.14 - No recommendation made as this varies too much by
>          use case
> 7.2.15 - The token should not be a CBOR tag. It is assumed the
>          carrying protocol identifies the token as a nonce
> 7.2.16 - No recommendation for manifests or evidence as this varies
>          too much by use case

All sounds good and reasonable to me.

cheers, thanks, t
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
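
A receiver-side check for the encoding items of the profile quoted above (7.2.2, 7.2.3, 7.2.4 for integer and length arguments, and 7.2.15), as an added example that is not part of this thread or of the EAT draft. The names `check_profile`, `ProfileError` and `SAMPLE` are made up here, and the sample bytes are constructed.

```python
# Added example: walks a CBOR item; float shortest-form checks are not covered.

class ProfileError(ValueError):
    pass

def _head(buf, pos):
    """Decode one CBOR head; return (major, argument, next_pos)."""
    if pos >= len(buf):
        raise ProfileError("truncated input")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info == 31:
        raise ProfileError("indefinite length or break (7.2.2/7.2.3)")
    if info > 27:
        raise ProfileError("reserved additional information value")
    size = 1 << (info - 24)             # 1, 2, 4 or 8 argument bytes
    if pos + size > len(buf):
        raise ProfileError("truncated input")
    arg = int.from_bytes(buf[pos:pos + size], "big")
    # Preferred encoding: the argument must not fit in a shorter form.
    if major != 7 and arg < (24, 1 << 8, 1 << 16, 1 << 32)[info - 24]:
        raise ProfileError("non-preferred argument encoding (7.2.4)")
    return major, arg, pos + size

def _item(buf, pos):
    """Walk one data item and everything nested in it; return next_pos."""
    major, arg, pos = _head(buf, pos)
    if major in (2, 3):                 # byte/text string: skip payload
        if pos + arg > len(buf):
            raise ProfileError("truncated string")
        return pos + arg
    if major in (4, 5):                 # array: arg items, map: 2*arg items
        for _ in range(arg * (major - 3)):
            pos = _item(buf, pos)
        return pos
    if major == 6:                      # tag: one enclosed item
        return _item(buf, pos)
    return pos                          # ints, simple values, floats

def check_profile(token: bytes) -> None:
    """Raise ProfileError if token breaks 7.2.2-7.2.4 or 7.2.15."""
    if token and token[0] >> 5 == 6:
        raise ProfileError("top-level CBOR tag (7.2.15)")
    if _item(token, 0) != len(token):
        raise ProfileError("trailing bytes after token")

SAMPLE = bytes.fromhex("8443a10126a044a10a4100420000")  # constructed, untagged 4-item array
```

This only checks encoding shape; signature verification (7.2.5, 7.2.6) and nonce freshness (7.2.10) still have to happen separately.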