rfc9596xml2.original.xml		rfc9596.xml
	<?xml version='1.0' encoding='UTF-8'?>		<?xml version='1.0' encoding='UTF-8'?>
	<?xml-stylesheet type='text/xsl' href='http://xml2rfc.tools.ietf.org/authoring/r
	fc2629.xslt' ?>
	<!DOCTYPE rfc PUBLIC "-//IETF//DTD RFC 2629//EN" "http://xml2rfc.tools.ietf.org/
	authoring/rfc2629.dtd">
	<rfc xmlns:xi="http://www.w3.org/2001/XInclude"		<!DOCTYPE rfc [
	category="std" ipr="trust200902"		<!ENTITY nbsp "&#160;">
	docName="draft-ietf-cose-typ-header-parameter-05">		<!ENTITY zwsp "&#8203;">
			<!ENTITY nbhy "&#8209;">
			<!ENTITY wj "&#8288;">
			]>
	<?rfc toc="yes"?>		<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" ipr="trust200902"
	<?rfc tocompact="yes"?>		docName="draft-ietf-cose-typ-header-parameter-05" number="9596" updates="" obso
	<?rfc tocdepth="5"?>		letes="" submissionType="IETF" consensus="true" tocInclude="true" tocDepth="5" s
	<?rfc tocindent="yes"?>		ymRefs="true" sortRefs="true" version="3" xml:lang="en">
	<?rfc symrefs="yes"?>
	<?rfc sortrefs="yes"?>
	<?rfc compact="yes"?>
	<?rfc subcompact="no"?>
	<front>		<front>
			<title abbrev='COSE "typ" (type) Header Parameter'>CBOR Object Signing and E
	<title>COSE "typ" (type) Header Parameter</title>		ncryption (COSE) "typ" (type) Header Parameter</title>
			<seriesInfo name="RFC" value="9596"/>
	<author fullname="Michael B. Jones" initials="M.B." surname="Jones">		<author fullname="Michael B. Jones" initials="M.B." surname="Jones">
	<organization>Self-Issued Consulting</organization>		<organization>Self-Issued Consulting</organization>
	<address>		<address>
	<email>michael_b_jones@hotmail.com</email>		<email>michael_b_jones@hotmail.com</email>
	<uri>https://self-issued.info/</uri>		<uri>https://self-issued.info/</uri>
	</address>		</address>
	</author>		</author>
	<author fullname="Orie Steele" initials="O." surname="Steele">		<author fullname="Orie Steele" initials="O." surname="Steele">
	<organization>Transmute</organization>		<organization>Transmute</organization>
	<address>		<address>
	<email>orie@transmute.industries</email>		<email>orie@transmute.industries</email>
	</address>		</address>
	</author>		</author>
			<date month="June" year="2024"/>
	<date day="3" month="April" year="2024" />		<area>SEC</area>
			<workgroup>cose</workgroup>
	<area>Security</area>
	<workgroup>COSE Working Group</workgroup>
	<keyword>Explicit Typing</keyword>		<keyword>Explicit Typing</keyword>
	<keyword>Internet-Draft</keyword>
	<abstract>		<abstract>
	<t>		<t>
	This specification adds the equivalent of the JSON Object Signing and Enc ryption (JOSE)		This specification adds the equivalent of the JSON Object Signing and Enc ryption (JOSE)
	<spanx style="verb">typ</spanx> (type) header parameter to		"typ" (type) header parameter to
	CBOR Object Signing and Encryption (COSE).		CBOR Object Signing and Encryption (COSE).
	This enables the benefits of explicit typing,		This enables the benefits of explicit typing (as defined in RFC 8725, "JS
	as defined in the JSON Web Token Best Current Practices BCP,		ON Web Token Best Current Practices")
	to be brought to COSE objects.		to be brought to COSE objects.
	The syntax of the COSE type header parameter value is the same as the exi sting COSE content type header parameter.		The syntax of the COSE type header parameter value is the same as the exi sting COSE content type header parameter.
	</t>		</t>
	</abstract>		</abstract>
	</front>		</front>
	<middle>		<middle>
			<section anchor="Introduction">
	<section anchor="Introduction" title="Introduction">		<name>Introduction</name>
	<t>		<t>
	CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/> define s header parameters		CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/> define s header parameters
	that parallel many of those defined by the JSON Object Signing and Encryp		that parallel many of those defined by the JSON Object Signing and Encryp
	tion (JOSE)		tion (JOSE) specifications
	<xref target="RFC7515"/> <xref target="RFC7516"/> specifications.		<xref target="RFC7515"/> <xref target="RFC7516"/>.
	However, one way in which COSE does not provide equivalent functionality to JOSE is that		However, one way in which COSE does not provide equivalent functionality to JOSE is that
	it does not define an equivalent of the <spanx style="verb">typ</spanx> ( type) header parameter,		it does not define an equivalent of the "typ" (type) header parameter,
	which is used for declaring the type of the entire JOSE data structure.		which is used for declaring the type of the entire JOSE data structure.
	The security benefits of having <spanx style="verb">typ</spanx> (type) ar		The security benefits of having "typ" (type) are described in
	e described in		<xref target="RFC8725" sectionFormat="of" section="3.11"/>,
	Section 3.11 of the JSON Web Token Best Current Practices <xref target="RFC872
	5"/>,
	which recommends its use for "explicit typing" --		which recommends its use for "explicit typing" --
	using <spanx style="verb">typ</spanx> values to distinguish between		using "typ" values to distinguish between
	different kinds of JSON Web Tokens (JWTs) <xref target="RFC7519"/>.		different kinds of JSON Web Tokens (JWTs) <xref target="RFC7519"/>.
	</t>		</t>
	<t>		<t>
	This specification adds the equivalent of the JOSE <spanx style="verb">ty p</spanx> (type) header parameter to COSE		This specification adds the equivalent of the JOSE "typ" (type) header pa rameter to COSE
	so that the benefits of explicit typing		so that the benefits of explicit typing
	can be brought to COSE objects.		can be brought to COSE objects.
	The syntax of the COSE type header parameter value is the same as the exi sting COSE content type header parameter,		The syntax of the COSE type header parameter value is the same as the exi sting COSE content type header parameter,
	allowing both unsigned integer CoAP Content-Formats <xref target="IANA.Co		allowing both unsigned integers as registered in the "CoAP Content-Format
	AP.ContentFormats"/> values		s" registry <xref target="CoAP.ContentFormats"/>
	and string Media Type <xref target="IANA.MediaTypes"/> values to be used.		and string media type values <xref target="MediaTypes"/> to be used.
	</t>		</t>
	<t>		<t>
	The term "COSE object" is used as defined in <xref target="RFC9052"/>.		The term "COSE object" is used as defined in <xref target="RFC9052"/>.
	An example of a COSE object is a COSE_Sign1 structure,		An example of a COSE object is a COSE_Sign1 structure,
	as described in Section 4.2 of <xref target="RFC9052"/>.		as described in <xref target="RFC9052" sectionFormat="of" section="4.2"/> .
	</t>		</t>
			<section anchor="rnc">
	<section anchor="rnc" title="Requirements Notation and Conventions">		<name>Requirements Notation and Conventions</name>
	<t>		<t>
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",		The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
	"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and		"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>
	"OPTIONAL" in this document are to be interpreted as described in		",
	BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and		"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
	only when, they appear in all capitals, as shown here.		"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
	</t>		"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
			be
			interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref
			target="RFC8174"/> when, and only when, they appear in all capitals, as
			shown here.
			</t>
	</section>		</section>
	</section>		</section>
	<section anchor="typ" title='COSE "typ" (type) header parameter'>		<section anchor="typ">
			<name>COSE "typ" (type) Header Parameter</name>
	<t>		<t>
	The <spanx style="verb">typ</spanx> (type) header parameter		The "typ" (type) header parameter
	is used by COSE applications to declare the		is used by COSE applications to declare the
	type of this complete COSE object, as compared to the content type header parameter,		type of this complete COSE object, as compared to the content type header parameter,
	which declares the type of the COSE object payload.		which declares the type of the COSE object payload.
	This is intended for use by the application when		This is intended for use by the application when
	more than one kind of COSE object could be present in		more than one kind of COSE object could be present in
	an application data structure that can contain a COSE object;		an application data structure that can contain a COSE object;
	the application can use this value to disambiguate among		the application can use this value to disambiguate among
	the different kinds of COSE objects that might be present.		the different kinds of COSE objects that might be present.
	It will typically not be used by applications when		It will typically not be used by applications when
	the kind of COSE object is already known.		the kind of COSE object is already known.
	Use of this header parameter is OPTIONAL.		Use of this header parameter is <bcp14>OPTIONAL</bcp14>.
	</t>		</t>
	<t>		<t>
	The syntax of this header parameter value is the same as the content type header parameter		The syntax of this header parameter value is the same as the content type header parameter
	defined in Section 3.1 of <xref target="RFC9052"/>;		defined in <xref target="RFC9052" sectionFormat="of" section="3.1"/>;
	it is either		it is either
	an unsigned integer CoAP Content-Formats <xref target="IANA.CoAP.ContentF		an unsigned integer as registered in the "CoAP Content-Formats" registry
	ormats"/> value		<xref target="CoAP.ContentFormats"/>
	or a string Content Type value.		or a string content type value.
	Content Type values have a Media Type name <xref target="IANA.MediaTypes"		Content type values have a media type name <xref target="MediaTypes"/>
	/>		and <bcp14>MAY</bcp14> include media type parameters.
	and MAY include Media Type parameters.
	</t>		</t>
	<t>		<t>
	This parameter is ignored by COSE implementations		The "typ" (type) header parameter is ignored by COSE implementations
	(libraries implementing <xref target="RFC9052"/> and this specification),		(libraries implementing <xref target="RFC9052"/> and this specification),
	other than being passed through to applications using those implementatio ns.		other than being passed through to applications using those implementatio ns.
	Any processing of this parameter is performed by the COSE application		Any processing of this parameter is performed by the COSE application
	using application-specific processing rules.		using application-specific processing rules.
	For instance, an application might verify that the <spanx style="verb">ty p</spanx> value		For instance, an application might verify that the "typ" value
	is a particular application-chosen media type and reject the data structu re if it is not.		is a particular application-chosen media type and reject the data structu re if it is not.
	</t>		</t>
	<t>		<t>
	The <spanx style="verb">typ</spanx> parameter MUST NOT be present in unprotect ed headers.		The "typ" parameter <bcp14>MUST NOT</bcp14> be present in unprotected headers.
	</t>		</t>
	<t>		<t>
	The <spanx style="verb">typ</spanx> parameter does not describe the content of unprotected headers.		The "typ" parameter does not describe the content of unprotected headers.
	Changes to unprotected headers do not change the type of the COSE object.		Changes to unprotected headers do not change the type of the COSE object.
	</t>		</t>
	</section>		</section>
			<section anchor="Security">
	<section anchor="Security" title="Security Considerations">		<name>Security Considerations</name>
	<t>		<t>
	The case for explicit typing of COSE objects is equivalent to the case ma de for explicit typing		The case for explicit typing of COSE objects is equivalent to the case ma de for explicit typing
	in Section 3.11 of JSON Web Token Best Current Practices <xref target="RF C8725"/>:		in <xref target="RFC8725" section="3.11" sectionFormat="of"/>:
	Explicit typing can prevent confusion between different kinds of COSE objects.		Explicit typing can prevent confusion between different kinds of COSE objects.
	</t>		</t>
	<t>		<t>
	COSE applications employing explicit typing should reject COSE objects		COSE applications employing explicit typing should reject COSE objects
	with a type header parameter value different than values that they expect in that application context.		with a type header parameter value different than values that they expect in that application context.
	They should also reject COSE objects without a type header parameter when one is expected.		They should also reject COSE objects without a type header parameter when one is expected.
	</t>		</t>
	</section>		</section>
			<section anchor="IANA">
	<section anchor="IANA" title="IANA Considerations">		<name>IANA Considerations</name>
			<section anchor="cose-algorithms-registrations">
	<section anchor="cose-algorithms-registrations" title="COSE Header Paramet		<name>COSE Header Parameter Registrations</name>
	er Registrations">
	<t>		<t>
	This section registers the following value in the		IANA has registered the following value in the
	IANA "COSE Header Parameters" registry <xref target="IANA.COSE.HeaderPa		IANA "COSE Header Parameters" registry <xref target="COSE.HeaderParamet
	rameters"/>.		ers"/>.
	</t>		</t>
	<t>
	<?rfc subcompact="yes"?>
	<list style='symbols'>
	<t>
	Name: typ (type)
	</t>
	<t>
	Label: TBD (requested assignment 16)
	</t>
	<t>
	Value Type: uint / tstr
	</t>
	<t>
	Value Registry: <xref target="IANA.CoAP.ContentFormats"/> or <xref
	target="IANA.MediaTypes"/>
	</t>
	<t>
	Description: Type of the complete COSE object
	</t>
	<t>
	Reference: <xref target="typ"/> of this specification
	</t>
	</list>
	</t>
	<?rfc subcompact="no"?>
	</section>
			<table anchor="iana-tab">
			<name></name>
			<thead>
			<tr>
			<th>Name</th>
			<th>Label</th>
			<th>Value Type</th>
			<th>Value Registry</th>
			<th>Description</th>
			<th>Reference</th>
			</tr>
			</thead>
			<tbody>
			<tr>
			<td>typ (type)</td>
			<td>16</td>
			<td>uint&nbsp;/ tstr</td>
			<td><xref target="CoAP.ContentFormats"/> or <xref
			target="MediaTypes"/> registry</td>
			<td>Content type of the complete COSE object</td>
			<td><xref target="typ"/> of RFC 9596</td>
			</tr>
			</tbody>
			</table>
			</section>
	</section>		</section>
	</middle>		</middle>
	<back>		<back>
			<references>
			<name>References</name>
			<references>
			<name>Normative References</name>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
			119.xml"/>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
			174.xml"/>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
			725.xml"/>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9
			052.xml"/>
			</references>
			<references>
			<name>Informative References</name>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
			515.xml"/>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
			516.xml"/>
			<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
			519.xml"/>
	<references title="Normative References">		<reference anchor="COSE.HeaderParameters" target="https://www.iana.org/a
			ssignments/cose">
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.211		<front>
	9.xml"/>		<title>COSE Header Parameters</title>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.817		<author>
	4.xml"/>		<organization>IANA</organization>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.872		</author>
	5.xml"/>		<date/>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.905		</front>
	2.xml"/>		</reference>
	</references>
	<references title="Informative References">
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.751
	5.xml"/>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.751
	6.xml"/>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.751
	9.xml"/>
	<reference anchor="IANA.COSE.HeaderParameters" target="https://www.iana.or
	g/assignments/cose/cose.xhtml#header-parameters">
	<front>
	<title>COSE Header Parameters</title>
	<author>
	<organization>IANA</organization>
	</author>
	<date/>
	</front>
	</reference>
	<reference anchor="IANA.CoAP.ContentFormats" target="https://www.iana.org/		<reference anchor="CoAP.ContentFormats" target="https://www.iana.org/ass
	assignments/core-parameters/core-parameters.xhtml#content-formats">		ignments/core-parameters">
	<front>		<front>
	<title>CoAP Content-Formats</title>		<title>CoAP Content-Formats</title>
	<author>		<author>
	<organization>IANA</organization>		<organization>IANA</organization>
	</author>		</author>
	<date/>		<date/>
	</front>		</front>
	</reference>		</reference>
	<reference anchor="IANA.MediaTypes" target="https://www.iana.org/assignmen		<reference anchor="MediaTypes" target="https://www.iana.org/assignments/
	ts/media-types">		media-types">
	<front>		<front>
	<title>Media Types</title>		<title>Media Types</title>
	<author>		<author>
	<organization>IANA</organization>		<organization>IANA</organization>
	</author>		</author>
	<date></date>		<date/>
	</front>		</front>
	</reference>		</reference>
			</references>
	</references>		</references>
	<section title="Document History" anchor="History">		<section anchor="Acknowledgements" numbered="false">
	<t>		<name>Acknowledgements</name>
	[[ to be removed by the RFC Editor before publication as an RFC ]]
	</t>
	<t>
	-05
	<list style='symbols'>
	<t>
	Addressed Area Director review comments.
	</t>
	</list>
	</t>
	<t>
	-04
	<list style='symbols'>
	<t>
	Addressed SECDIR review comments.
	</t>
	</list>
	</t>
	<t>
	-03
	<list style='symbols'>
	<t>
	Addressed GENART and OPSDIR review comments.
	</t>
	</list>
	</t>
	<t>
	-02
	<list style='symbols'>
	<t>
	Addressed working group last call comments.
	</t>
	<t>
	Changed requested assignment from 14 to 16 due to conflict a with new
	assignment.
	</t>
	</list>
	</t>
	<t>
	-01
	<list style='symbols'>
	<t>
	Added language about media type parameters.
	</t>
	</list>
	</t>
	<t>
	-00
	<list style='symbols'>
	<t>
	Initial working group version based on draft-jones-cose-typ-header-pa
	rameter-01.
	</t>
	</list>
	</t>
	</section>
	<section title="Acknowledgements" anchor="Acknowledgements" numbered="no">
	<t>		<t>
	We would like to thank		We would like to thank
	Henk Birkholz,		<contact fullname="Henk Birkholz" />,
	Carsten Bormann,		<contact fullname="Carsten Bormann" />,
	Susan Hares,		<contact fullname="Susan Hares" />,
	Dan Harkins,		<contact fullname="Dan Harkins" />,
	Murray Kucherawy,		<contact fullname="Murray Kucherawy" />,
	Marco Tiloca,		<contact fullname="Marco Tiloca" />,
	Gunter Van de Velde,		<contact fullname="Gunter Van de Velde" />,
	Éric Vyncke,		<contact fullname="Éric Vyncke" />,
	and		and
	Dale Worley		<contact fullname="Dale Worley" />
	for their valuable contributions to this specification.		for their valuable contributions to this specification.
	</t>		</t>
	</section>		</section>
	</back>		</back>
	</rfc>		</rfc>
End of changes. 49 change blocks.
	243 lines changed or deleted		162 lines changed or added
This html diff was produced by rfcdiff 1.48.