From 79dafb53fc48b6d540de5af845a5af51d2ff65f3 Mon Sep 17 00:00:00 2001 From: Henk Birkholz Date: Tue, 27 Aug 2024 15:42:33 +0200 Subject: [PATCH] addresses Carl's comment on Section 3.2 --- draft-birkholz-cose-tsa-tst-header-parameter.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/draft-birkholz-cose-tsa-tst-header-parameter.md b/draft-birkholz-cose-tsa-tst-header-parameter.md index 34e94de..efeeb08 100644 --- a/draft-birkholz-cose-tsa-tst-header-parameter.md +++ b/draft-birkholz-cose-tsa-tst-header-parameter.md @@ -113,6 +113,8 @@ The obtained timestamp token is then added back as an unprotected header into th In this context, timestamp tokens are similar to a countersignature {{-countersign}} made by the TSA. +The message imprint sent to the TSA ({{Section 2.4 of -TSA}}) MUST be the hash of the payload field of the COSE signed object. + # RFC 3161 Time-Stamp Tokens COSE Header Parameters {#sec-tst-hdr} The two modes described in {{sec-timestamp-then-cose}} and {{sec-cose-then-timestamp}} use different inputs into the timestamping machinery, and consequently create different kinds of binding between COSE and TST.
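Review bot: The added MUST sentence does not pin down exactly which bytes are hashed, and it sits right after context that points at a different input. "The hash of the payload field" can mean the content of the payload bstr or its CBOR encoding, and two implementations that choose differently will produce imprints that never match. The sentence also does not say what to do when the payload is detached (nil). I suggest stating the exact input, for example "the hash of the bytes contained in the payload bstr", and covering the detached case. Separately, the unchanged lines just above describe the token as being added back as an unprotected header and as "similar to a countersignature" made by the TSA. If this paragraph belongs to the mode in {{sec-cose-then-timestamp}}, an imprint over the payload alone would not cover the signature, so please confirm the sentence is in the section for the mode it is meant for. Finally, the requirement is written only for the sender. A matching sentence that the relying party MUST recompute the imprint and compare it with the one in the TST would make the binding checkable.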