rfc9679v2.txt | rfc9679.txt | |||
---|---|---|---|---|
skipping to change at line 92 ¶ | skipping to change at line 92 ¶ | |||
function to a CBOR Object Signing and Encryption (COSE) Key structure | function to a CBOR Object Signing and Encryption (COSE) Key structure | |||
[RFC9052], resulting in a hash value known as a "thumbprint". To | [RFC9052], resulting in a hash value known as a "thumbprint". To | |||
achieve this, the document specifies which fields in the COSE Key | achieve this, the document specifies which fields in the COSE Key | |||
structure are included in the hash computation, the process for | structure are included in the hash computation, the process for | |||
creating a canonical form of these fields, and how to hash the | creating a canonical form of these fields, and how to hash the | |||
resulting byte sequence. One of the primary use cases for this | resulting byte sequence. One of the primary use cases for this | |||
thumbprint is as a naming scheme for identifying or selecting the | thumbprint is as a naming scheme for identifying or selecting the | |||
key, such as by using the COSE Key Thumbprint value as a "kid" (key | key, such as by using the COSE Key Thumbprint value as a "kid" (key | |||
ID). Another key use case involves key derivation functions that use | ID). Another key use case involves key derivation functions that use | |||
the thumbprints of public keys from the endpoints, along with other | the thumbprints of public keys from the endpoints, along with other | |||
application context information, to derive a symmetric key. | application context, to derive a symmetric key. | |||
This specification outlines how thumbprints of COSE Keys are | This specification outlines how thumbprints of COSE Keys are | |||
generated for both asymmetric and symmetric keys (see Sections 3 and | generated for both asymmetric and symmetric keys (see Sections 3 and | |||
4). Additionally, it introduces a new CBOR Web Token (CWT) | 4). Additionally, it introduces a new CBOR Web Token (CWT) | |||
confirmation method, which has been added to the IANA "CWT | confirmation method, which has been added to the IANA "CWT | |||
Confirmation Methods" registry established by [RFC8747]. For further | Confirmation Methods" registry established by [RFC8747]. For further | |||
details on the use of a confirmation claim in a CWT with a proof-of- | details on the use of a confirmation claim in a CWT with a proof-of- | |||
possession key, refer to Section 3.1 of [RFC8747]. | possession key, refer to Section 3.1 of [RFC8747]. | |||
2. Terminology | 2. Terminology | |||
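Review bot: In the sentence "Another key use case involves key derivation functions", the adjective "key" sits next to "key derivation" and "symmetric key" and reads ambiguously in a document about keys; "Another important use case" would avoid that. The right-hand column shortens "other application context information" to "other application context", and neither wording says what that context consists of, so a short qualifier or a pointer to where the application defines it would help implementers feed the same inputs into the derivation.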
skipping to change at line 221 ¶ | skipping to change at line 221 ¶ | |||
addition to the "kty" element, are required. | addition to the "kty" element, are required. | |||
5. Miscellaneous Considerations | 5. Miscellaneous Considerations | |||
5.1. Why Not Include Optional COSE Key Parameters? | 5.1. Why Not Include Optional COSE Key Parameters? | |||
Optional parameters of COSE Keys are intentionally not included in | Optional parameters of COSE Keys are intentionally not included in | |||
the COSE Key Thumbprint computation so that their absence or presence | the COSE Key Thumbprint computation so that their absence or presence | |||
in the COSE Key does not alter the resulting value. The COSE Key | in the COSE Key does not alter the resulting value. The COSE Key | |||
Thumbprint is a digest of the ordered essential parameters needed to | Thumbprint is a digest of the ordered essential parameters needed to | |||
represent a COSE, with all other parameters excluded. | represent a COSE Key, with all other parameters excluded. | |||
By excluding optional parameters, the COSE Key Thumbprint | By excluding optional parameters, the COSE Key Thumbprint | |||
consistently refers to the key itself, not to a key with additional | consistently refers to the key itself, not to a key with additional | |||
attributes. Different application contexts may include various | attributes. Different application contexts may include various | |||
optional attributes in the COSE Key structure. If these optional | optional attributes in the COSE Key structure. If these optional | |||
parameters were included in the thumbprint calculation, the resulting | parameters were included in the thumbprint calculation, the resulting | |||
values could differ for the same key depending on the attributes | values could differ for the same key depending on the attributes | |||
present. Including only the required parameters ensures that the | present. Including only the required parameters ensures that the | |||
COSE Key Thumbprint remains consistent for a given key, regardless of | COSE Key Thumbprint remains consistent for a given key, regardless of | |||
any additional attributes. | any additional attributes. | |||
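Review bot: In Section 5.1 the corrected sentence "represent a COSE Key, with all other parameters excluded" calls the hashed fields "essential parameters", while the following paragraph says "Including only the required parameters" and the hunk's leading context line also says "are required". Use one term throughout, preferably "required", so a reader does not infer two different parameter sets going into the thumbprint. The fix from "a COSE" to "a COSE Key" itself is correct and matches the usage in the rest of the paragraph.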
End of changes. 2 change blocks. | ||||
2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |