Tobias Looker and I have published an updated CBOR Web Token (CWT) Claims in COSE Headers specification that addresses the IETF Last Call (WGLC) comments received. Changes made were:
- Added Privacy Consideration about unencrypted claims in header parameters.
- Added Security Consideration about detached content.
- Added Security Consideration about claims that are present both in the payload and the header of a CWT.
- Changed requested IANA COSE Header Parameter assignment number from 13 to 15 due to subsequent assignments of 13 and 14.
- Acknowledged last call reviewers.
The specification is available at:
The specification is scheduled for the IESG telechat on November 30, 2023.
Leave a Reply
You must be logged in to post a comment.