Provide stronger guidance on locating X.509 chain in COSE/JWS #13
Assignees
Comments
|
@scouten-adobe to revise section 11 (DID resolution options) to tie in the understanding that the X.509 chain comes from the signature envelope as described in this issue. |
This was referenced Mar 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even though it is not a direct concern of the DID method specification but rather of a signing envelope profile, it is beneficial to provide strong guidance since there is only one obvious place for the certificate chain to go, both in COSE and JWS.
For COSE, it would be the x5chain (label 33) header parameter, see https://www.iana.org/assignments/cose/cose.xhtml#header-parameters.
For JWS, it would be the x5c header parameter, see https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-header-parameters.
This is in line with the DID resolution spec which defines a draft HTTP binding and uses standard HTTP headers where available for resolution options.
Ideally, in the future, there is a single JWS/COSE binding specification for DID-issued content, but that will take a while.
Migrated from microsoft/did-x509#4.
The text was updated successfully, but these errors were encountered: