Below
On 2025-03-17 18:12, Thomas Fossati
wrote:
The hash algorithm is chosen by the timestamp requestor, not by the TSA. And, in most cases, the timestamp requestor and the COSE signer are expected to be the same entity, i.e., the document holder. Therefore, I think it makes sense to try and minimise the algorithmic recipe. The situation where the timestamp requestor and the COSE signer are different seems like a good exception to the SHOULD rule. I'll add that to the rationale.
You are absolutely right. Sorry for my brain fart :)
/Stefan
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
