Perhaps https://www.rfc-editor.org/rfc/rfc8392.html#section-3
Seems like saying the semantics are the same when the map is in the header as when the map is the payload should be enough.
This same issue exists with every COSE parameter that can be present in both the protected and unprotected headers.
alg and kid are good examples.
9052 says they SHOULD not be in both... Meaning they can be in both... How do we know their semantics are the same when they are in both?
This issue also does not seem to be specific to the draft in question.
I suggest we tackle these issues in a separate document.
OS
On Thu, Nov 2, 2023, 4:46 PM Carsten Bormann <cabo@xxxxxxx> wrote:
On Nov 2, 2023, at 18:58, lgl island-resort.com <lgl@xxxxxxxxxxxxxxxxx> wrote:
>
> 2) Publish with warnings
I’m not a big fan of including “to implement this specification, you must read it, and all the other specifications that might be relevant for your application” with every RFC.
> (and add errata for COSE and JOSE?)
Well, that is a bogeyman; there is nothing that the WG got wrong here that calls for an errata report.
Now that we are done with “warnings”, I still believe this inclusion is not usable without saying what the cwt is supposed to *do*, its “semantics". So saying something like »“typ” or another header field needs to supply the semantics for this syntactical device« seems necessary. (*Good design* would then be to include the cwt-in-headers with the field that defines its semantics, but that is not *necessary*. It may come in helpful when you suddenly need two of them, with different semantics.)
Grüße, Carsten
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
