Re: [Last-Call] [COSE] Iotdir telechat review of draft-ietf-cose-cwt-claims-in-headers-07

Hi Hannes,

On Nov 1, 2023, at 10:30 AM, Hannes Tschofenig <hannes.tschofenig@xxxxxxx> wrote:

> You also agree with me that information in the protected header is often processed without prior security verification.

I’m not sure we’re thinking the same here.

I think there is no problem that claims-in-headers might be processed without verification.

I think that because we process protected headers/parameters in CMS, COSE and JOSE without verification.

If it’s not a security issue for CMS, COSE and JOSE, it’s not a security issue for claims-in-headers. CMS in particular goes back decades.

LL
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
