Wording section "Referenced token in COSE"

[atezet]

While working on an implementation of the latest draft, I was confused about how to include a referenced token in ISO mdoc. The section starts of with:

The Referenced Token MAY be encoded as a "COSE Web Token (CWT)" object ...

First of all, this must be a typo CBOR Web Token (see https://www.rfc-editor.org/rfc/rfc8392). But then, after showing an example of a CWT, it seamlessly transitions into a description of how to include the status parameter in the MSO:

ISO mdoc may utilize the Status List mechanism by introducing the status parameter in the Mobile Security Object (MSO) as specified in Section 9.1.2. The status parameter uses the same encoding as a CWT as defined in Section 6.3.

Here, there is no Section 9.1.2 in this draft, but it also says the CWT encoding is used. However, what follows is an example of an IssuerAuth with a status field not using the CWT encoding just described.

For now, I went with what the last example shows, as ISO mdoc doesn't use CWT encoding (to my knowledge). I feel like these should either be two (sub)sections, or the first part (describing the CWT encoding) is not needed at all.

Please let me know if anything I wrote is unclear.

[paulbastian]

Editors Call:

• agreed on COSE Web Token typo
• Section 9.1.2. refers to the ISO18013-5 spec, will clarify
• we split up COSE section into CWT and ISO mdoc subsections and make clear that they share the status_list structure but the encompassing structure is different

Thanks for your feedback!

[atezet]

Thank you for your reply. About section 9.1.2 referring to the ISO18013-5 spec; I remember I considered that at some point, but the version I checked didn't have the status parameter specified. I see that it is indeed specified in the working draft!