Change OID name and add clarification notes #11
Conversation
|
This also closes issue #9. @dimakuv, @KB5201314 please review. |
| - CBOR tag: a CBOR tag registered with IANA or some other registry serves as evidence format ID | ||
| - CBOR data: this data covered by the tag contains the evidence (including custom claims). Its format is defined by the CBOR tag. | ||
| - CBOR data: this data covered by the tag contains the evidence (including custom claims). Its format is defined by the CBOR tag. | ||
| - Note: the DICE specification states that the criticality flag of this extension SHOULD be marked critical, but popular TLS libraries (such as openssl and mbedtls) will fail in verification of an X.509 cert with this extension if its criticality flag is set. To overcome this limitation, the criticality flag will be cleared. |
There was a problem hiding this comment.
Why do you say will be cleared? Shouldn't it be more like Until most popular TLS libraries start recognizing this extension, the crticiality flag of this extension should be cleared.
There was a problem hiding this comment.
As commented above, let's take another look to see if the criticality flag can be set.
There was a problem hiding this comment.
Based on my experiments with mbedTLS, no, we can't set the criticality flag. See #9 (comment)
There was a problem hiding this comment.
Please review the latest commit.
Why do you say
will be cleared? Shouldn't it be more likeUntil most popular TLS libraries start recognizing this extension, the crticiality flag of this extension should be cleared.
|
|
||
| # Evidence Custom Claims | ||
| The evidence extension must include a `pubkey-hash` claim, and can optionally include a `nonce` claim: | ||
| The evidence extension must include a `pubkey-hash` claim, and can optionally include a `nonce` claim. All other custom claims will be ignored. How the custom claims are stored in the evidence is dependent on the specific evidence format definition. |
There was a problem hiding this comment.
How the custom claims are stored in the evidence is dependent on the specific evidence format definition.
Do we want this sentence? It doesn't really describe anything, and it only confused me on the first read.
There was a problem hiding this comment.
How the custom claims are stored in the evidence is dependent on the specific evidence format definition.Do we want this sentence? It doesn't really describe anything, and it only confused me on the first read.
Thanks! I'll remove it.
No description provided.