5. Security Considerations

The security considerations of CBOR [RFC7049] apply. This format provides no cryptographic integrity protection of any kind but can be combined with security specifications such as CBOR Object Signing and Encryption (COSE) [RFC8152] to do so. (COSE protections can be applied to an entire CBOR Sequence or to each of the elements of the sequence independently; in the latter case, additional effort may be required if there is a need to protect the relationship of the elements in the sequence.)

As usual, decoders must operate on input that is assumed to be untrusted. This means that decoders MUST fail gracefully in the face of malicious inputs.