rfc9711v7.txt | rfc9711.txt | |||
---|---|---|---|---|
skipping to change at line 1919 ¶ | skipping to change at line 1919 ¶ | |||
When COSE protection is used, the profile should specify whether COSE | When COSE protection is used, the profile should specify whether COSE | |||
tags are used or not. Note that RFC 8392 requires COSE tags be used | tags are used or not. Note that RFC 8392 requires COSE tags be used | |||
in a CWT tag. | in a CWT tag. | |||
Often, a tag is unnecessary because the surrounding or carrying | Often, a tag is unnecessary because the surrounding or carrying | |||
protocol identifies the object as an EAT. | protocol identifies the object as an EAT. | |||
6.3.6. COSE/JOSE Protection | 6.3.6. COSE/JOSE Protection | |||
COSE and JOSE have several options for signed, MACed, and encrypted | COSE and JOSE have several options for signed, MACed, and encrypted | |||
messages. JWT may use the JOSE 'null' protection option. It is | messages. It may be an Unsecured JWT as described in Section 6 of | |||
possible to implement no protection, sign only, MAC only, sign then | [RFC7519]. It is possible to implement no protection, sign only, MAC | |||
encrypt, and so on. All combinations allowed by COSE, JOSE, JWT, and | only, sign then encrypt, and so on. All combinations allowed by | |||
CWT are allowed by EAT. | COSE, JOSE, JWT, and CWT are allowed by EAT. | |||
A profile should specify all signing, encryption, and MAC message | A profile should specify all signing, encryption, and MAC message | |||
formats that may be sent. For example, a profile might allow only | formats that may be sent. For example, a profile might allow only | |||
COSE_Sign1 to be sent. As another example, a profile might allow | COSE_Sign1 to be sent. As another example, a profile might allow | |||
COSE_Sign and COSE_Encrypt to be sent to carry multiple signatures | COSE_Sign and COSE_Encrypt to be sent to carry multiple signatures | |||
for post quantum cryptography and to use encryption to provide | for post quantum cryptography and to use encryption to provide | |||
confidentiality. | confidentiality. | |||
A profile should specify that the receiver accepts all message | A profile should specify that the receiver accepts all message | |||
formats that are allowed to be sent. | formats that are allowed to be sent. | |||
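Review bot: In the right-hand text of Section 6.3.6, the new sentence "It may be an Unsecured JWT as described in Section 6 of [RFC7519]." has no clear antecedent for "It". The subject of the preceding sentence is "COSE and JOSE", whereas the replaced sentence named "JWT" explicitly. Suggest naming the subject, for example "An EAT in JWT form may be an Unsecured JWT as described in Section 6 of [RFC7519]." The same paragraph goes on to allow "no protection", and the next paragraph asks a profile to specify every message format that may be sent. It would therefore help to add that a profile should state explicitly whether an Unsecured JWT is among the permitted formats, so that a receiver following the profile does not accept an unprotected token unless the profile intends it.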
End of changes. 1 change blocks. | ||||
4 lines changed or deleted | 4 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |