spec: move certificate chain discussion to a new issue (#209)
* move certificate chain discussion to a new issue

Signed-off-by: Yi Zha <[email protected]>
yizha1 authored Nov 22, 2022
1 parent cf533b8 commit fa0d6aa
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion specs/signature-envelope-cose.md
@@ -132,7 +132,6 @@ Notary v2 supports the following unprotected header parameters:
Note: `<<` and `>>` are used to notate the CBOR byte string resulting from encoding the data item.

- **[`x5chain`](https://datatracker.ietf.org/doc/html/draft-ietf-cose-x509-08#section-2)** (*array of bstr*): This REQUIRED parameter (label `33` by [IANA](https://www.iana.org/assignments/cose/cose.xhtml#header-parameters)) contains the ordered list of X.509 certificate or certificate chain ([RFC5280](https://datatracker.ietf.org/doc/html/rfc5280)) corresponding to the key used to digitally sign the COSE. The certificate chain is represented as an array of certificate, each certificate in the array is DER encoded and then wrapped in a CBOR byte string. The certificate containing the public key corresponding to the key used to digitally sign the COSE MUST be the first certificate, followed by the intermediate and root certificates in the correct order. Refer [*Certificate Chain* unsigned attribute](signature-specification.md#unsigned-attributes) for more details. Optionally, this header can be presented in the protected header.
- **TODO** update signature specification to allow chains in protected header
- **`io.cncf.notary.timestampSignature`** (*bstr*): This OPTIONAL header is used to store countersignature that provides authentic signing time. Only [RFC3161]([rfc3161](https://datatracker.ietf.org/doc/html/rfc3161#section-2.4.2)) compliant `TimeStampToken` are supported.
- **TODO** Define the opaque datum (hash of envelope) that is sent to TSA, and how TSA response (time stamp token) is represented in this header.
- **`io.cncf.notary.signingAgent`** (*tstr*): This OPTIONAL header provides the identifier of a client (e.g. Notation) that produced the signature. E.g. `notation/1.0.0`. Refer [*Signing Agent* unsigned attribute](signature-specification.md#unsigned-attributes) for more details.
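Review bot: Removing the `- **TODO** update signature specification to allow chains in protected header` line leaves the preceding `x5chain` bullet internally inconsistent: it still ends with "Optionally, this header can be presented in the protected header." while pointing readers to the *Certificate Chain* unsigned attribute in signature-specification.md, which (per the deleted TODO) has not yet been updated to permit a chain in the protected header. Since whether the chain sits under the signature's integrity protection matters to verifiers, either qualify that sentence (e.g. "may in future be presented in the protected header; see the tracking issue") or add a link to the new issue named in the commit message, which the diff does not currently reference anywhere in the file.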
