Closed
Description
In B.3.4 it's defined how each side must construct the SessionTranscript using a handover defined in the following way
OpenID4VPDCAPIHandover = [
"OpenID4VPDCAPIHandover", ; A fixed identifier for this handover type
OpenID4VPDCAPIHandoverInfoHash ; A cryptographic hash of OpenID4VPDCAPIHandoverInfo
]
OpenID4VPDCAPIHandoverInfoHash = bstr ; sha-256 hash of OpenID4VPDCAPIHandoverInfo
OpenID4VPDCAPIHandoverInfo = [
origin,
client_id,
nonce
] ; Array containing handover parameters
client_id = tstr ; UTF-8 encoded string
origin = tstr ; UTF-8 encoded string
nonce = tstr ; UTF-8 encoded string
There's a couple of problems here
- All
tstrare Unicode strings, it's meaningless to say "UTF-8 encoded string" because it's already tstr. Should just remove those comments. OpenID4VPDCAPIHandoverInfoHashis defined as the "sha-256 hash of OpenID4VPDCAPIHandoverInfo" but doesn't make sense as you can only hash bytes (e.g. the encoded version of CBOR), not CBOR itself.
Here's what I would replace it with
OpenID4VPDCAPIHandover = [
"OpenID4VPDCAPIHandover", ; A fixed identifier for this handover type
OpenID4VPDCAPIHandoverInfoHash ; A cryptographic hash of OpenID4VPDCAPIHandoverInfo
]
; Contains the sha-256 hash of OpenID4VPDCAPIHandoverInfoBytes
OpenID4VPDCAPIHandoverInfoHash = bstr
; Contains the encoding of OpenID4VPDCAPIHandoverInfo
OpenID4VPDCAPIHandoverInfoBytes = bstr .cbor OpenID4VPDCAPIHandoverInfo
OpenID4VPDCAPIHandoverInfo = [
origin,
client_id,
nonce
] ; Array containing handover parameters
client_id = tstr
origin = tstr
nonce = tstr
I think this achieves what was originally intended and is more crisp. It's also consistent with what other standards are doing, for example see empty_or_serialized_map in COSE (RFC 9052).
Metadata
Metadata
Assignees
Labels
No labels