IETF logoTobias Looker and I have published an updated CBOR Web Token (CWT) Claims in COSE Headers specification that addresses the IETF Last Call (WGLC) comments received. Changes made were:

  • Added Privacy Consideration about unencrypted claims in header parameters.
  • Added Security Consideration about detached content.
  • Added Security Consideration about claims that are present both in the payload and the header of a CWT.
  • Changed requested IANA COSE Header Parameter assignment number from 13 to 15 due to subsequent assignments of 13 and 14.
  • Acknowledged last call reviewers.

The specification is available at:

The specification is scheduled for the IESG telechat on November 30, 2023.