Toerless Eckert <t...@cs.fau.de> wrote:
> I find it architecturally somewhat weird to have this "level skip":
> Normally, if you have a container format, that container format itself
> would have to indicate the type of its components, and you would not
> need to or want to expose the type of any component outside of the
> container.
I find the eContentType business in SMIME insecure.
It presuposes that there are very generic CMS decryption system in the OS
which will be handing the inner contents to some OS-generic thing for
display. But, in actual email use of SMIME, we actually have an inner
Mime-Type there already. And I think, in almost all other cases, we wouldn't
want to use a generic CMS decryption thing.
So, I don't think of the COSE as a separate layer. It's not.
The thing is a voucher, and vouchers are signed artifacts. Like protons.
They contain YANG-serialized CBOR inside (like quarks)
This stuff inside doesn't have an existence: you never get to mess with the
quarks without knowing how they are contained.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
