Issuers/Verifiers choice for either x5c or jwt-vc issuer metadata is not clear #102
Comments
SD-JWT VC currently says, if Ecosystems can add additional rules as per SD-JWT VC.
In SCITT, we did something similar. When x5t is present, check for x5c (could be in unprotected header in cose). We did not require a specific SAN to match the When only
Why should I do an HTTP call if the absence of kid can tell me that I shouldn't?
Are you saying either
If there is a
The x5c could have been tampered with.
For JWTs compact, this is not the case because there are only protected headers; for JWTs JSON serialization, you could still put the
As I said in #103 (comment), the intention of HAIP was that the issuer has to issue using two key resolution mechanisms - web-based key resolution (.well-known/jwt_vc_issuer with or without openid federation) or x509, and the verifier has to support only one of those. (which is also why the intention was to be able to use the same iss value for both key resolution mechanisms.)
It is not clear whether the Issuer or the Verifier has the choice for the two key management options. Clearly define whose choice it is.