Orie Steele

I'd recommend just throwing when compressed points are passed... and not doing the point compression, and that would eliminate the warning.

If a test confirms errors are thrown for compressed points, this issue can be closed.

If we do validation, we should do it based on risk assessment. - content type - x5t, x5c There needs to be an argument for "why" we added extra validation...

Lets leave claims validation to the callers, and reduce the code we must maintain.

As discussed on the call, we will hope open PRs for this issue and the cwt claims in headers issue until RFC numbers are assigned for both.

related issue https://github.com/veraison/go-cose/issues/184

I added support for the `typ` header parameter: - https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/ - https://datatracker.ietf.org/doc/draft-ietf-cose-typ-header-parameter/ ``` 18([ h'a30138230fa2016e6973737565722e6578616d706c65026f7375626a6563742e6578616d706c65106f6170706c69636174696f6e2f637774', {4: h'31'}, h'68656c6c6f20776f726c64', h'00b8f0fbee7d5ca003678a173a1f1cb5f6233e85f2dd421d4d56d13541a67e01fd0c7addabc2c3b07d5b08a027382629aac41dd3f62f69d6c9209e2ca99255bda78600f3ca500d482c9b3a220dfd14395c42d02e0fa423e9192deb83c27b41257bcb3e9162db9e3de0895a81fb51d2ae41e9f07d91146832cbe91fa85b48456aef8ebc82' ]) ``` Decoded protected header: ``` {1: -36, 15: {1: "issuer.example",...

I suppose there is an API consideration here, perhaps the validation checks should only happen when serialization occurs, instead of causing an error to be thrown when for example invalid...

@thomas-fossati regarding https://github.com/veraison/go-cose/pull/183#discussion_r1649136571 Its a fair point. My lazy answer is, people can add pull requests for the IANA registry entries they wish the library supported, and they can use...

The combination of a cross fork PR, and the DCO rebase + github suggestion merges... has made this more trouble than its worth. @thomas-fossati If you think we should drop...