addresses Carl's comment on signature cardinality / COSE msg type

ietf-scitt · Aug 27, 2024 · 1dbac17 · 1dbac17
1 parent 79dafb5
commit 1dbac17
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/draft-birkholz-cose-tsa-tst-header-parameter.md b/draft-birkholz-cose-tsa-tst-header-parameter.md
@@ -163,7 +163,7 @@ RFC 3161 timestamp tokens use CMS as signature envelope format.
 The payload of the signed timestamp token is the TSTInfo structure defined in {{-TSA}}, which contains the message imprint that was sent to the TSA.
 The hash algorithm is contained in the message imprint structure, together with the hash itself.
 
-As part of the signature verification, the receiver MUST make sure that the message imprint in the embedded timestamp token matches either the payload or the signature fields, depending on the mode of use.
+As part of the signature verification, the receiver MUST make sure that the message imprint in the embedded timestamp token matches a hash of either the payload, signature, or signature fields, depending on the mode of use and type of COSE structure.
 
 {{Appendix B of -TSA}} provides an example that illustrates how timestamp tokens can be used to verify signatures of a timestamped message when utilizing X.509 certificates.