RFC Errata
RFC 8392, "CBOR Web Token (CWT)", May 2018
Source of RFC: ace (sec)
Errata ID: 7982
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Christian Amsüss
Date Reported: 2024-06-11
Section A.2.2 says:
/ kid / 4: h'53796d6d6574726963323536' / 'Symmetric256' /,
It should say:
/ kid / 2: h'53796d6d6574726963323536' / 'Symmetric256' /,
Notes:
The hex above the diagnostic notation encodes for index 2 before the 'Symmetric256' value. The use of CBOR value 2 to mean "kid" is also consistent with the examples around it.
As this is a mix-up between the "kid" key from COSE Key Common Parameters and COSE Header parameters, a check through the whole document for whether the right numeric values are used might be due. The use of 2 here and 4 in A.3 and A.4 seems right to me -- but I keep mixing those up myself, which was why I was looking into this example in the first place.