- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 14 Feb 2022 06:48:52 +0100
- To: W3C Credentials CG <public-credentials@w3.org>
Continuing the CBOR thread but now with dedicated subject line. I'm not much into "LD" but obviously you should be able to create a CBOR-LD. The only real stumbling block I have found is that the "Guardians of CBOR" consider URLs as type identifiers a bad thing because: - The intention was (and is) that you register application-specific nnn() tags with IANA - URLs open the possibility reading CBOR schemas in run-time which is a known XML foot-gun Decentralized URLs as type identifiers are (IMO) a necessity for a lot of systems. Regarding reading schemas in run-time: there will always be people who do not understand how to write secure software but will do it anyway. As I wrote in another thread, using COSE signatures (or encryption) is something I wouldn't do. Using COSE public key and algorithm identifiers is though perfectly workable. Regarding possible COSE-LD signatures I would consider a solution where signatures only protect the actual bytes transferred, and feature the LD part as a hash. That is, validation of LD canonicalization would be an optional step. Thanx, Anders
Received on Monday, 14 February 2022 05:49:10 UTC