
Unclear on COSE_Sign1 generation (tag 18)

Open stormouse opened this issue 4 years ago • 2 comments

https://github.com/aws/aws-nitro-enclaves-nsm-api/blob/main/docs/attestation_process.md

Section 3.3 of the page above mentions that tag 18 will be present or not according to "context". My tests using aws-nitro-enclaves-nsm-api have the tag missing. Could you make it more clear when or if this tag will ever be present?

stormouse avatar Mar 04 '21 18:03 stormouse

Based on RFC 8152 Section 4.2, the tag is contextual, to prevent confusion between multiple structures. Since in the context of the Signed Attestation Document, it's clear that the object refers to a COSE_Sign1 object, then this tag can be elided without inducing such confusion. However, the expectation is that a conforming reader should be able to verify the tag, if it exists. It seems that the documentation suggests that this will always be present, but I can confirm that it's currently not emitted.

petreeftime avatar Mar 04 '21 19:03 petreeftime

Either the code needs to be updated to emit a tag so that it matches the documentation, or the documentation needs to be updated to clarify that the tag might be missing.

petreeftime avatar Mar 04 '21 19:03 petreeftime
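
A reader that accepts the COSE_Sign1 structure with or without the tag 18 prefix and rejects any other tag, as the replies above expect of a conforming reader. This is an added example, not code from the thread or from the project: the function names, the std-only CBOR head reader and the sample bytes are constructed here, and it assumes definite lengths, an attached payload and an empty unprotected header map. It checks structure only and does not verify the signature.

```rust
/// Added example (std only, hypothetical names): definite-length CBOR only.
#[derive(Debug)]
pub struct CoseSign1<'a> {
    pub tagged: bool, // true when the optional tag 18 prefix was present
    pub protected: &'a [u8], pub payload: &'a [u8], pub signature: &'a [u8],
}
/// Read one CBOR head: (major type, argument, bytes consumed).
fn head(b: &[u8]) -> Result<(u8, u64, usize), &'static str> {
    let first = *b.first().ok_or("truncated")?;
    let (major, info) = (first >> 5, first & 0x1f);
    let extra = match info {
        0..=23 => return Ok((major, info as u64, 1)),
        24 => 1, 25 => 2, 26 => 4, 27 => 8,
        _ => return Err("indefinite or reserved length not supported"),
    };
    let bytes = b.get(1..1 + extra).ok_or("truncated")?;
    let arg = bytes.iter().fold(0u64, |acc, &x| (acc << 8) | x as u64);
    Ok((major, arg, 1 + extra))
}
/// Read a definite-length byte string, returning (contents, remaining input).
fn bstr(b: &[u8]) -> Result<(&[u8], &[u8]), &'static str> {
    let (major, len, n) = head(b)?;
    if major != 2 { return Err("expected byte string"); }
    let end = n.checked_add(len as usize).ok_or("length overflow")?;
    let body = b.get(n..end).ok_or("truncated")?;
    Ok((body, &b[end..]))
}
/// Accept [protected, unprotected, payload, signature], bare or wrapped in tag 18.
pub fn parse_cose_sign1(b: &[u8]) -> Result<CoseSign1<'_>, &'static str> {
    let (major, arg, n) = head(b)?;
    let tagged = major == 6; // major type 6 is a CBOR tag
    if tagged && arg != 18 { return Err("unexpected CBOR tag"); }
    let b = if tagged { &b[n..] } else { b };
    let (major, arg, n) = head(b)?;
    if (major, arg) != (4, 4) { return Err("expected array of 4"); }
    let (protected, rest) = bstr(&b[n..])?;
    // Assumption: the unprotected header is the empty map (0xA0).
    if rest.first() != Some(&0xA0) { return Err("expected empty unprotected map"); }
    let (payload, rest) = bstr(&rest[1..])?;
    let (signature, rest) = bstr(rest)?;
    if !rest.is_empty() { return Err("trailing bytes"); }
    Ok(CoseSign1 { tagged, protected, payload, signature })
}

fn main() {
    // Constructed sample: [h'A1013822', {}, h'646F63', h'AABB'], bare then tag-18-prefixed.
    let bare: &[u8] = &[0x84, 0x44, 0xA1, 0x01, 0x38, 0x22, 0xA0, 0x43, 0x64, 0x6F, 0x63, 0x42, 0xAA, 0xBB];
    let tagged = [&[0xD2u8][..], bare].concat();
    println!("{:?}\n{:?}", parse_cose_sign1(bare), parse_cose_sign1(&tagged));
}
```

Both inputs yield the same three byte strings; only the `tagged` flag differs, so the signature check that follows can treat them identically.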