diff --git a/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.html b/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.html index f7c79df..5c8493b 100644 --- a/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.html +++ b/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.html @@ -1408,7 +1408,7 @@

However, in both CTT and TTC mode, a denial of service can occur if the attacker can adjust the relying party's clock so that the CMS validation fails. This could disrupt the timestamp validation.

In CTT mode, an attacker could manipulate the unprotected header by removing or replacing the timestamp. -To avoid that, the signed COSE object should be securely wrapped in an envelope during transit and at rest.

+To avoid that, the signed COSE object should be integrity protected during transit and at rest.

In TTC mode, the TSA is given an opaque identifier (a cryptographic hash value) for the payload. While this means that the content of the payload is not directly revealed, to prevent comparison with known payloads or disclosure of identical payloads being used over time, the payload would need to be armored, e.g., with a nonce that is shared with the recipient of the header parameter but not the TSA. Such a mechanism can be employed inside the ones described in this specification, but is out of scope for this document.
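Review bot: The added sentence "To avoid that, the signed COSE object should be integrity protected during transit and at rest." no longer hints at a mechanism, and the threat in the preceding context line is tampering with the unprotected header, which a COSE signature does not cover. A reader could take the existing signature as sufficient. Suggest stating the scope explicitly, for example "the signed COSE object, including its unprotected header, should be integrity protected during transit and at rest", and saying whether that protection is expected from the transport or storage layer or from an outer wrapper, since the removed "wrapped in an envelope" wording was the only indication of that.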

diff --git a/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.txt b/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.txt index eed6cad..54ba145 100644 --- a/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.txt +++ b/seccons++/draft-birkholz-cose-tsa-tst-header-parameter.txt @@ -241,8 +241,7 @@ Table of Contents In CTT mode, an attacker could manipulate the unprotected header by removing or replacing the timestamp. To avoid that, the signed COSE - object should be securely wrapped in an envelope during transit and - at rest. + object should be integrity protected during transit and at rest. In TTC mode, the TSA is given an opaque identifier (a cryptographic hash value) for the payload. While this means that the content of
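Review bot: In the .txt hunk, the new line "object should be integrity protected during transit and at rest." keeps a lowercase "should", so it is unclear whether this is a normative requirement or advice. If it is meant as a requirement, use the BCP 14 keyword; if not, the lowercase form is fine but worth a conscious decision. The same sentence is edited in both the .html and .txt files in this diff, which appear to be two renderings of one draft, and no change to a draft source file is shown. Confirm that the source carries the same wording so the next rebuild does not revert it.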