Unclear on COSE_Sign1 generation (tag 18) #7
Labels
Comments
|
Based on RFC 8152 Section 4.2, the tag is contextual, to prevent confusion between multiple structures. Since in the context of the Signed Attestation Document, it's clear that the object refers to a COSE_Sign1 object, then this tag can be elided without inducing such confusion. However, the expectation is that a conforming reader should be able to verify the tag, if it is exists. It seems that the documentation suggests that this will always be present, but I can confirm that it's currently not emitted. |
petreeftime
added
bug
|
Either the code needs to be updated to emit a tag so that it matches the documentation, or the documentation needs to be updated to clarify that the tag might be missing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/aws/aws-nitro-enclaves-nsm-api/blob/main/docs/attestation_process.md
Section 3.3 of the page above mentioned tag 18 will be present or not according to "context". My tests using
aws-nitro-enclaves-nsm-apihave the tag missing. Could you make it more clear on when or if this tag will ever present?The text was updated successfully, but these errors were encountered: