{"id":2379,"date":"2023-07-08T20:03:30","date_gmt":"2023-07-09T03:03:30","guid":{"rendered":"https:\/\/self-issued.info\/?p=2379"},"modified":"2023-07-08T20:03:30","modified_gmt":"2023-07-09T03:03:30","slug":"cose-typ-type-header-parameter-specification","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=2379","title":{"rendered":"COSE “typ” (type) Header Parameter Specification"},"content":{"rendered":"

\"IETF<\/span>Orie Steele<\/a> and I have created a specification to add a typ<\/code> header parameter to COSE – something increasingly widely used in JOSE but currently missing in COSE. The introduction to the spec tells the story:<\/p>\n

\nCBOR Object Signing and Encryption (COSE) [RFC9052<\/a>] defines header parameters that parallel many of those defined by the JSON Object Signing and Encryption (JOSE) [RFC7515<\/a>] [RFC7516<\/a>] specifications. However, one way in which COSE does not provide equivalent functionality to JOSE is that it does not define an equivalent of the typ<\/code> (type) header parameter, which is used for declaring the type of the entire JOSE data structure. The security benefits of having typ<\/code> (type) are described in the JSON Web Token Best Current Practices [RFC8725<\/a>], which recommends its use for “explicit typing” — using typ<\/code> values to distinguish between different kinds of objects.<\/p>\n

This specification adds the equivalent of the JOSE typ<\/code> (type) header parameter to COSE so that the benefits of explicit typing can be brought to COSE objects. The syntax of the COSE type header parameter value is the same as the existing COSE content type header parameter, allowing both integer CoAP Content-Formats [IANA.CoAP.ContentFormats<\/a>] values and string Media Type [IANA.MediaTypes<\/a>] values to be used.<\/p><\/blockquote>\n

The specification is available at:<\/p>\n