From cc8332b9ba53b26395800b1fa2abee0a7d702a45 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Sat, 20 Jul 2024 20:02:40 +0200 Subject: [PATCH 1/3] Editorials --- draft-ietf-scitt-architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md index 322e51d9..c3020112 100644 --- a/draft-ietf-scitt-architecture.md +++ b/draft-ietf-scitt-architecture.md @@ -485,8 +485,8 @@ Multiple Issuers can make the same Statement about a single Artifact, affirming At least one identifier for an identity document MUST be included in the protected header of the COSE Envelope, as one of `x5t` or `kid`. Additionally, `x5chain` that corresponds to either `x5t` or `kid` identifying the leaf certificate in the included certification path MAY be included in the unprotected header of the COSE Envelope. -- When using x509, Support for `x5t` is mandatory to implement. -- Support for `kid` in the protected header and `x5chain` in the unprotected heaer is optional. +- When using x.509 certificates, support for `x5t` is mandatory to implement. +- Support for `kid` in the protected header and `x5chain` in the unprotected header is optional to implement. When `x5t` is present, `iss` MUST be a string with a value between 1 and 8192 characters in length that fits the regular expression of a distinguished name. From ff2d8c40d8a5698eca5cebbb9b67f8103b4e114e Mon Sep 17 00:00:00 2001 From: Henk Birkholz Date: Sun, 21 Jul 2024 23:47:06 +0200 Subject: [PATCH 2/3] Update draft-ietf-scitt-architecture.md --- draft-ietf-scitt-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md index c3020112..7fee46ca 100644 --- a/draft-ietf-scitt-architecture.md +++ b/draft-ietf-scitt-architecture.md @@ -485,7 +485,7 @@ Multiple Issuers can make the same Statement about a single Artifact, affirming At least one identifier for an identity document MUST be included in the protected header of the COSE Envelope, as one of `x5t` or `kid`. Additionally, `x5chain` that corresponds to either `x5t` or `kid` identifying the leaf certificate in the included certification path MAY be included in the unprotected header of the COSE Envelope. -- When using x.509 certificates, support for `x5t` is mandatory to implement. +- When using x.509 certificates, support for `x5t` is REQUIRED to implement. - Support for `kid` in the protected header and `x5chain` in the unprotected header is optional to implement. When `x5t` is present, `iss` MUST be a string with a value between 1 and 8192 characters in length that fits the regular expression of a distinguished name. From d6283d617392305c3781ad50c359e1a0f469fcbe Mon Sep 17 00:00:00 2001 From: Henk Birkholz Date: Sun, 21 Jul 2024 23:47:17 +0200 Subject: [PATCH 3/3] Update draft-ietf-scitt-architecture.md --- draft-ietf-scitt-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md index 7fee46ca..b3c2646e 100644 --- a/draft-ietf-scitt-architecture.md +++ b/draft-ietf-scitt-architecture.md @@ -486,7 +486,7 @@ At least one identifier for an identity document MUST be included in the protect Additionally, `x5chain` that corresponds to either `x5t` or `kid` identifying the leaf certificate in the included certification path MAY be included in the unprotected header of the COSE Envelope. - When using x.509 certificates, support for `x5t` is REQUIRED to implement. -- Support for `kid` in the protected header and `x5chain` in the unprotected header is optional to implement. +- Support for `kid` in the protected header and `x5chain` in the unprotected header is OPTIONAL to implement. When `x5t` is present, `iss` MUST be a string with a value between 1 and 8192 characters in length that fits the regular expression of a distinguished name.