From 83b0c77c137f05d4180a315e4516cc9f3a1544a1 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Sun, 3 Nov 2024 09:58:08 +0000 Subject: [PATCH 01/14] First tranche of CBOR All The Things Signed-off-by: Jon Geater --- draft-ietf-scitt-scrapi.md | 181 +++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 98 deletions(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 93ded0a..7710f3c 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md 
@@ -104,21 +104,29 @@ NOTE: '\' line wrapping per {{RFC8792}} in HTTP examples. All messages are sent as HTTP GET or POST requests. -If the Transparency Service cannot process a client's request, it MUST return an HTTP 4xx or 5xx status code, and the body SHOULD be a JSON problem details object ({{RFC9457}}) containing: +If the Transparency Service cannot process a client's request, it MUST return an HTTP 4xx or 5xx status code, and the body SHOULD be a Concise Problem Details object ({{RFC9290}}) containing: -- type: A URI reference identifying the problem. +- title: A human-readable string identifying the error that prevented the Transparency Service from processing the request, ideally short and suitable for inclusion in log messages. + +- detail: A human-readable string describing the error in more depth, ideally with sufficient detail to enable the error to be rectified. + +- instance: A URN reference identifying the problem. To facilitate automated response to errors, this document defines a set of standard tokens for use in the type field within the URN namespace of: "urn:ietf:params:scitt:error:". -- detail: A human-readable string describing the error that prevented the Transparency Service from processing the request, ideally with sufficient detail to enable the error to be rectified. +- response-code: The HTTP error response code relating to this error. + +Error responses SHOULD be sent with the `Content-Type: application/problem+cbor` HTTP header. -Error responses SHOULD be sent with the `Content-Type: application/problem+json` HTTP header. +NOTE: SCRAPI is not a CoAP API. Nonetheless Constrained Problem Details objects ({{RFC9290}}) provide a useful CBOR encoding for problem details and avoids the need for mixing CBOR and JSON in endpoint implementations. 
As an example, submitting a Signed Statement with an unsupported signature algorithm would return a `400 Bad Request` status code and the following body: -~~~json +~~~cddl { - "type": "urn:ietf:params:scitt:error:badSignatureAlgorithm", - "detail": "Signing algorithm not support" + / title / -1: "Bad Signature Algorithm", + / detail / -2: "Signing algorithm 'WalnutDSA' not supported.", + / instance / -3: "urn:ietf:params:scitt:error:badSignatureAlgorithm", + / response-code / -4: 400, } ~~~ @@ -128,7 +136,8 @@ The one exception is the "malformed" error type, which indicates that the Transp - Error code: `malformed` (The request could not be parsed). Clients SHOULD treat 500 and 503 HTTP status code responses as transient failures and MAY retry the same request without modification at a later date. -Note that in the case of a 503 response, the Transparency Service MAY include a `Retry-After` header field per {{RFC9110}} in order to request a minimum time for the client to wait before retrying the request. + +Note that in the case of any error response, the Transparency Service MAY include a `Retry-After` header field per {{RFC9110}} in order to request a minimum time for the client to wait before retrying the request. In the absence of this header field, this document does not specify a minimum. ## Mandatory 
@@ -147,54 +156,19 @@ Request: GET /.well-known/transparency-configuration HTTP/1.1 Host: transparency.example -Accept: application/json +Accept: application/cose ~~~ Response: ~~~ http-message HTTP/1.1 200 Ok -Content-Type: application/json - -{ - "issuer": "https://transparency.example", - "registration_endpoint": "https://transparency.example/entries", - "nonce_endpoint": "https://transparency.example/nonce", - - "registration_policy": \ -"https://transparency.example\ -/statements/urn:ietf:params:scitt:statement\ -:sha-256:base64url:5i6UeRzg1...qnGmr1o", +Content-Type: application/cose - "supported_signature_algorithms": ["ES256"], - "jwks": { - "keys": [ - { - "kid": "urn:ietf:params:oauth:\ -jwk-thumbprint:sha-256:DgyowWs04gfVRim5i1WlQ-HFFFKI6Ltqulj1rXPagRo", - "alg": "ES256", - "use": "sig", - "kty": "EC", - "crv": "P-256", - "x": "p-kZ4uOASt9IjQRTrWikGnlbGb-z3LU1ltwRjZaOS9w", - "y": "ymXE1yltJPXgjQSRe9NweN3TLlSUALYZTzy83NVfdg0" - }, - { - "kid": "urn:ietf:params:oauth:\ -jwk-thumbprint:sha-256:4Fzx5HO1W0ob9CZNc3RJx28Ixpgy9JAFM8jyXKW0ClE", - "alg": "HPKE-Base-P256-SHA256-AES128GCM", - "use": "enc", - "kty": "EC", - "crv": "P-256", - "x": "Vreuil95vzR6ixutgBBf2ota-rj97MvKfuJWB4qqp5w", - "y": "NkUTeaoNlLRRsVRxHGDA-RsA0ex2tSpcd3G-4SmKXbs" - } - ] - } -} + ~~~ -Additional fields may be present. +Responses to this message are vendor-specific. Fields that are not understood MUST be ignored. ### Register Signed Statement @@ -274,7 +248,7 @@ Location: https://transparency.example/receipts\ /urn:ietf:params:scitt:signed-statement\ :sha-256:base64url:5i6UeRzg1...qnGmr1o -Content-Type: application/json +Content-Type: application/cbor Retry-After: { 
@@ -292,55 +266,68 @@ If 202 is returned, then clients should wait until Registration succeeded or fai #### Status 400 - Invalid Client Request -One of the following errors: +The following expected errors are defined. Implementations MAY return other errors, so long as they are valid {{RFC9290}} objects. ~~~ +HTTP/1.1 400 Bad Request +Content-Type: application/problem+cbor + { - "type": "urn:ietf:params:scitt:error\ -:signed-statement:algorithm-not-supported", - "detail": \ -"Signed Statement contained an algorithm that is not supported." + / title / -1: "Bad Signature Algorithm", + / detail / -2: "Signed Statement contained an algorithm that is not supported", + / instance / -3: "urn:ietf:params:scitt:error:badSignatureAlgorithm", + / response-code / -4: 400, } ~~~ ~~~ +HTTP/1.1 400 Bad Request +Content-Type: application/problem+cbor + { - "type": "urn:ietf:params:scitt:error\ -:signed-statement:payload-missing", - "detail": \ -"Signed Statement payload must be attached (must be present)" + / title / -1: "Confirmation Missing", + / detail / -2: "Signed Statement did not contain proof of possession", + / instance / -3: "urn:ietf:params:scitt:error:signed-statement:confirmation-missing", + / response-code / -4: 400, } ~~~ ~~~ +HTTP/1.1 400 Bad Request +Content-Type: application/problem+cbor + { - "type": "urn:ietf:params:scitt:error\ -:signed-statement:payload-forbidden", - "detail": \ -"Signed Statement payload must be detached (must not be present)" + / title / -1: "Payload Missing", + / detail / -2: "Signed Statement payload must be must be attached (must be present)", + / instance / -3: "urn:ietf:params:scitt:error:signed-statement:payload-missing", + / response-code / -4: 400, } ~~~ ~~~ +HTTP/1.1 400 Bad Request +Content-Type: application/problem+cbor + { - "type": "urn:ietf:params:scitt:error\ -:signed-statement:rejected-by-registration-policy", - "detail": \ -"Signed Statement not accepted by the current Registration Policy" + / title / -1: "Payload 
Forbidden", + / detail / -2: "Signed Statement payload must be detached (must not be present)", + / instance / -3: "urn:ietf:params:scitt:error:signed-statement:payload-forbidden", + / response-code / -4: 400, } ~~~ ~~~ +HTTP/1.1 400 Bad Request +Content-Type: application/problem+cbor + { - "type": "urn:ietf:params:scitt:error\ -:signed-statement:confirmation-missing", - "detail": \ -"Signed Statement did not contain proof of possession" + / title / -1: "Rejected", + / detail / -2: "Signed Statement not accepted by the current Registration Policy", + / instance / -3: "urn:ietf:params:scitt:error:signed-statement:rejected-by-registration-policy", + / response-code / -4: 400, } ~~~ -TODO: other error codes - ## Optional Endpoints The following HTTP endpoints are optional to implement. @@ -437,28 +424,6 @@ Payload (in CBOR diagnostic notation) ]) ~~~ -### Resolve Statement - -Authentication SHOULD be implemented for this endpoint. - -This endpoint enables Transparency Service APIs to act like Artifact Repositories, and serve `payload` values directly, instead of indirectly through Receipts. - -Request: - -~~~ http-message -GET /statements/urn...qnGmr1o HTTP/1.1 -Host: transparency.example -Accept: application/pdf -~~~ - -Response: - -~~~ http-message -HTTP/1.1 200 Ok -Content-Type: application/pdf -Payload (pdf bytes) -~~~ - ### Resolve Signed Statement Authentication SHOULD be implemented for this endpoint. @@ -475,6 +440,10 @@ Accept: application/cose Response: +One of the following: + +#### Status 200 - Success + ~~~ http-message HTTP/1.1 200 Ok Content-Type: application/cose 
@@ -489,6 +458,22 @@ Payload (in CBOR diagnostic notation) ]) ~~~ +#### Status 404 - Not Found + +The following expected errors are defined. Implementations MAY return other errors, so long as they are valid {{RFC9290}} objects. + +~~~ +HTTP/1.1 404 Not Found +Content-Type: application/problem+cbor + +{ + / title / -1: "Not Found", + / detail / -2: "No Signed Statement found with the specified ID", + / instance / -3: "urn:ietf:params:scitt:error:notFound", + / response-code / -4: 404, +} +~~~ + ### Resolve Receipt Authentication SHOULD be implemented for this endpoint. @@ -544,13 +529,13 @@ If the Signed Statement requested is neither registered in the log nor subject t ~~~ HTTP/1.1 404 Not Found -Content-Type: application/json +Content-Type: application/problem+cbor { - "type": "urn:ietf:params:scitt:error\ - :receipt:not-found", - "detail": \ - "Signed Statement not known to this Transparency Service." + / title / -1: "Not Found", + / detail / -2: "Signed Statement not known to this Transparency Service", + / instance / -3: "urn:ietf:params:scitt:error:receipt:not-found", + / response-code / -4: 400, } ~~~ From be74955d1c163fdcc8b5ec80b3e4a795f126dd60 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Sun, 3 Nov 2024 10:07:21 +0000 Subject: [PATCH 02/14] Fixup RFC references --- draft-ietf-scitt-scrapi.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 7710f3c..4fbe021 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -51,6 +51,7 @@ normative: RFC8615: RFC9052: RFC9110: + RFC9290: RFC9457: IANA.params: From a23d3e2a7406527c2056464b0f7f2bccb9da0c26 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:09:21 +0000 Subject: [PATCH 03/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 4fbe021..53ecfdf 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -116,7 +116,7 @@ To facilitate automated response to errors, this document defines a set of stand - response-code: The HTTP error response code relating to this error. -Error responses SHOULD be sent with the `Content-Type: application/problem+cbor` HTTP header. +application/concise-problem-details+cbor NOTE: SCRAPI is not a CoAP API. Nonetheless Constrained Problem Details objects ({{RFC9290}}) provide a useful CBOR encoding for problem details and avoids the need for mixing CBOR and JSON in endpoint implementations. From 14e4458b6bf62ebb46b6170e81c8420395236260 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:09:27 +0000 Subject: [PATCH 04/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 53ecfdf..ad4aca2 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -283,7 +283,7 @@ Content-Type: application/problem+cbor ~~~ HTTP/1.1 400 Bad Request -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Confirmation Missing", From 0ac078d0e7214c84209222925ad7ac4c88d8cfe6 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:09:33 +0000 Subject: [PATCH 05/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index ad4aca2..5bf1751 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md 
@@ -271,7 +271,7 @@ The following expected errors are defined. Implementations MAY return other erro ~~~ HTTP/1.1 400 Bad Request -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Bad Signature Algorithm", From a2b340bb437261ab081d1635518761bb348d943e Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:09:39 +0000 Subject: [PATCH 06/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 5bf1751..834f5db 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -307,7 +307,7 @@ Content-Type: application/problem+cbor ~~~ HTTP/1.1 400 Bad Request -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Payload Forbidden", From 7b8663d364c1ba688e20de4325861eaccb4ded86 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:09:44 +0000 Subject: [PATCH 07/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 834f5db..f4db964 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -319,7 +319,7 @@ application/concise-problem-details+cbor ~~~ HTTP/1.1 400 Bad Request -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Rejected", From 841734a8a7726e6109d3f3813dce3323ca91ca5f Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:10:29 +0000 Subject: [PATCH 08/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index f4db964..db726ae 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -530,7 +530,7 @@ If the Signed Statement requested is neither registered in the log nor subject t ~~~ HTTP/1.1 404 Not Found -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Not Found", From e122b976f6ffec2ef7b4eb32851367c5051479c7 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:10:35 +0000 Subject: [PATCH 09/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index db726ae..30cc0f7 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -295,7 +295,7 @@ application/concise-problem-details+cbor ~~~ HTTP/1.1 400 Bad Request -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Payload Missing", From 179c92b4a07aafdc528b29c3e18231b998d7abfa Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:10:40 +0000 Subject: [PATCH 10/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: A.J. Stein (Unofficial) --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 30cc0f7..4a407c0 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -465,7 +465,7 @@ The following expected errors are defined. Implementations MAY return other erro ~~~ HTTP/1.1 404 Not Found -Content-Type: application/problem+cbor +application/concise-problem-details+cbor { / title / -1: "Not Found", From 393feea5b965dd6fc62f62bb4516e06dc222c022 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Mon, 4 Nov 2024 18:25:30 +0000 Subject: [PATCH 11/14] Add minimal config example 
Signed-off-by: Jon Geater --- draft-ietf-scitt-scrapi.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 4a407c0..c15e4bf 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -52,7 +52,6 @@ normative: RFC9052: RFC9110: RFC9290: - RFC9457: IANA.params: informative: @@ -99,7 +98,7 @@ This specification uses "payload" as defined in {{RFC9052}}. # Endpoints Authentication is out of scope for this document. -If Authentication is not implemented, rate limiting or other denial of service mitigations MUST be applied to enable anonymous access. +If Authentication is not implemented, rate limiting or other denial of service mitigation MUST be applied to enable anonymous access. NOTE: '\' line wrapping per {{RFC8792}} in HTTP examples. @@ -151,6 +150,8 @@ Authentication SHOULD NOT be implemented for this endpoint. This endpoint is used to discover the capabilities and current configuration of a transparency service implementing this specification. +The Transparency Service responds with a signed dictionary of configuration elements. These elements are Transparency-Service specific. + Request: ~~~ http-message @@ -166,7 +167,20 @@ Response: HTTP/1.1 200 Ok Content-Type: application/cose - +Payload (in CBOR diagnostic notation) + +18([ ; COSE_Sign1 structure with tag 18 + h'44A123BEEFFACE', ; Protected header (example bytes) + {}, ; Unprotected header + { ; Payload - CBOR dict + "issuer": "https://transparency.example", + "base_url": "https://transparency.example/v1/scrapi", + "oidc_auth_endpoint": "https://transparency.example/auth", + "registration_policy": "https://transparency.example/statements/\ +urn:ietf:params:scitt:statement:sha-256:base64url:5i6UeRzg1...qnGmr1o" + }, + h'ABCDEF1234567890ABCDEF1234567890' ; Signature placeholder +]) ~~~ Responses to this message are vendor-specific. 
From e3632589bde544b2cfc712be2ef575645ceb20c9 Mon Sep 17 00:00:00 2001 From: Jon Geater Date: Tue, 5 Nov 2024 15:11:03 +0000 Subject: [PATCH 12/14] A few small nits from the hackathon Signed-off-by: Jon Geater --- draft-ietf-scitt-scrapi.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index c15e4bf..9939609 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -152,6 +152,8 @@ This endpoint is used to discover the capabilities and current configuration of The Transparency Service responds with a signed dictionary of configuration elements. These elements are Transparency-Service specific. +Contents of bodies are informative examples only. + Request: ~~~ http-message @@ -728,13 +730,11 @@ This document is only concerned with authentication of API clients. For those endpoints that require client authentication, Transparency Services MUST support at least one of the following options: -- HTTP Authorization header with a bearer JWT +- HTTP Authorization header with a JWT - domain-bound API key - TLS client authentication -Transparency Services MUST provide a configuration surface that allows Issuers to specify which authorized clients can submit Statements on their behalf. - -Where authentication methods rely on long term secrets, both clients and Transparency Services implementing this specification MUST allow for the revocation and rolling of authentication secrets. +Where authentication methods rely on long term secrets, both clients and Transparency Services implementing this specification SHOULD allow for the revocation and rolling of authentication secrets. ## Primary threats 
@@ -792,7 +792,7 @@ Replay attacks are not particularly concerning for SCITT or SCRAPI: once a statement is made, it is intended to be immutable and non-repudiable, so making it twice should not lead to any particular issues. There could be issues at the payload level (for instance, the statement "it is raining" may true when first submitted but not when replayed), but being payload-agnostic implementations of SCITT services cannot be required to worry about that. -If the semantic content of the payload are time dependent and susceptible to replay attacks in this way then timestamps MAY be added to the payload signed by the Issuer. +If the semantic content of the payload are time dependent and susceptible to replay attacks in this way then timestamps MAY be added to the protected header signed by the Issuer. #### Message deletion attacks From 54545f64f39b63a6168fb54b4c5046c9d4a44070 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Tue, 12 Nov 2024 13:05:26 -0800 Subject: [PATCH 13/14] Update draft-ietf-scitt-scrapi.md Co-authored-by: Amaury Chamayou --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 9939609..9b8832e 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -150,7 +150,7 @@ Authentication SHOULD NOT be implemented for this endpoint. This endpoint is used to discover the capabilities and current configuration of a transparency service implementing this specification. -The Transparency Service responds with a signed dictionary of configuration elements. These elements are Transparency-Service specific. +The Transparency Service responds with a dictionary of configuration elements. These elements are Transparency-Service specific. Contents of bodies are informative examples only. From 3742cc441ef6099ce5f15fadb03514d336184289 Mon Sep 17 00:00:00 2001 
From: Steve Lasker Date: Tue, 19 Nov 2024 07:08:08 -0800 Subject: [PATCH 14/14] Update draft-ietf-scitt-scrapi.md --- draft-ietf-scitt-scrapi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-scitt-scrapi.md b/draft-ietf-scitt-scrapi.md index 9b8832e..12fa82f 100644 --- a/draft-ietf-scitt-scrapi.md +++ b/draft-ietf-scitt-scrapi.md @@ -121,7 +121,7 @@ NOTE: SCRAPI is not a CoAP API. Nonetheless Constrained Problem Details objects As an example, submitting a Signed Statement with an unsupported signature algorithm would return a `400 Bad Request` status code and the following body: -~~~cddl +~~~cbor-diag { / title / -1: "Bad Signature Algorithm", / detail / -2: "Signing algorithm 'WalnutDSA' not supported.",
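Review bot: in PATCH 01/14, hunk @@ -104,21 +104,29, the unchanged sentence after the new `instance` bullet still says the standard tokens are "for use in the type field", but this hunk removes the `type` member and puts the URN in `instance`; that sentence needs to be updated in the same change. The hunk also calls the format "Concise Problem Details" in the first added sentence and "Constrained Problem Details" in the added NOTE; use one name, and fix the agreement in "provide ... and avoids".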
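Review bot: in PATCH 01/14, hunk @@ -128,7 +136,8, widening `Retry-After` from "a 503 response" to "any error response" sits awkwardly with the sentence just above it, which tells clients to treat only 500 and 503 as transient and retry without modification. A `Retry-After` on a 400 invites retrying a request that cannot succeed unchanged; either keep the header scoped to the statuses the draft calls transient, or say what a client is expected to do when it appears on a 4xx.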
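Review bot: in PATCH 01/14, hunk @@ -147,54 +156,19, the 200 response example is left with an empty body, and removing `supported_signature_algorithms` and `jwks` leaves no documented way for a client to learn the service's accepted algorithms or verification keys from this endpoint. With "Responses to this message are vendor-specific" there is no defined member for "Fields that are not understood MUST be ignored" to apply to. Suggest defining a minimal interoperable set of members, or stating where clients are expected to obtain the keys instead.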
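Review bot: in PATCH 01/14, hunk @@ -292,55 +266,68, the `instance` values no longer follow one scheme: the first example uses `urn:ietf:params:scitt:error:badSignatureAlgorithm` while the other four keep the `urn:ietf:params:scitt:error:signed-statement:...` form with hyphenated names. Clients that branch on `instance` need a single convention, so either keep `signed-statement:algorithm-not-supported` or rename all five. The "Payload Missing" detail string also has a duplicated phrase ("must be must be attached").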
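Review bot: in PATCH 01/14, hunk @@ -544,13 +529,13, the body of the `HTTP/1.1 404 Not Found` example carries `/ response-code / -4: 400`, which contradicts the status line; it should be 404, as in the Resolve Signed Statement example added in the previous hunk. The two Not Found examples also use different URN styles (`...:error:notFound` and `...:error:receipt:not-found`), which is worth settling at the same time.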
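Review bot: in PATCH 03/14, the replacement is only the bare media type `application/concise-problem-details+cbor`, so the normative sentence "Error responses SHOULD be sent with the ... HTTP header" is deleted and the paragraph is left as a fragment with no requirement stated. Keep the sentence and change only the media type inside the backticks.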
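Review bot: in PATCH 04/14 through PATCH 10/14, each example's `Content-Type: application/problem+cbor` line is replaced with the bare value `application/concise-problem-details+cbor`, dropping the `Content-Type:` field name, so the seven error examples no longer show a valid HTTP header line. Each replacement should read `Content-Type: application/concise-problem-details+cbor`.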
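Review bot: in PATCH 11/14, hunk @@ -166,7 +167,20, the third element of the added `18([...])` COSE_Sign1 example is a bare map (commented "Payload - CBOR dict"), but a COSE_Sign1 payload is a byte string, or nil when detached, per {{RFC9052}}. Show the map as embedded CBOR inside a byte string (`<< { ... } >>` in diagnostic notation) or say in the comment that the map is the decoded content of that byte string. The example also introduces `base_url` and `oidc_auth_endpoint` with no prose defining them, and the "Fields that are not understood MUST be ignored" rule gives clients nothing to rely on.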
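Review bot: in PATCH 12/14, hunk @@ -728,13 +730,11, two normative requirements are weakened under a commit titled "A few small nits": revocation and rolling of long term authentication secrets drops from MUST to SHOULD, and the requirement for a configuration surface letting Issuers name the clients authorized to submit on their behalf is removed outright. With SHOULD, a conforming service may have no way to revoke a leaked API key; keep MUST or record the rationale in the text. Changing "bearer JWT" to "JWT" also leaves unstated how the token is presented in the Authorization header.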
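Review bot: in PATCH 12/14, hunk @@ -792,7 +792,7, the changed sentence moves the timestamp from the payload to "the protected header" without naming a header parameter to carry it, so two implementations have no common place to look for it. Name the parameter or state that it is application-defined. While touching the line, "the semantic content of the payload are" should be "is".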
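Review bot: in PATCH 13/14, dropping "signed" from "responds with a signed dictionary" leaves the prose at odds with the example added in PATCH 11/14, which is still served as `Content-Type: application/cose` and shown as a COSE_Sign1 structure with a signature. A client cannot tell from the text whether it must verify a signature on the configuration; either restore "signed" or change the example and media type to an unsigned CBOR map.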