[Openid-specs-ab] Issue #1691: [OIDC4VCI] Proof checking insufficient (openid/connect)
Daniel Fett
issues-reply at bitbucket.org
Tue Oct 25 09:45:32 UTC 2022
New issue 1691: [OIDC4VCI] Proof checking insufficient
https://bitbucket.org/openid/connect/issues/1691/oidc4vci-proof-checking-insufficient
Daniel Fett:
As far as I can see, there are no instructions on checking the proof except for “the Credential Issuer MUST validate that the proof is actually signed by a key identified in kid parameter.”
This needs to be expanded to include, e.g.:
* checking the relationship between the key and the key that is to be used for the credential
* checking nonce, audience, issuer,
* checking the times (iat),
* checking any other properties of the key that are required (attestation?)
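
The checks listed above, sketched as an added example that is not part of the issue or of the specification text. The function and parameter names, the `iat` window, and modelling the key relationship as `kid` equality are assumptions; signature verification is assumed to happen separately and attestation is not covered.

```python
import base64, hmac, json, time

MAX_AGE, MAX_SKEW = 300, 30  # assumed iat acceptance window and clock skew, seconds

def _part(seg):
    """Decode one base64url JWT segment into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_proof_claims(proof_jwt, *, issuer_id, client_id, expected_nonce,
                       binding_kid, now=None):
    """Return the list of failed checks; an empty list means the claims pass.
    The signature is assumed to be verified already against the key named by kid."""
    now = time.time() if now is None else now
    try:
        h, p, _sig = proof_jwt.split(".")
        header, claims = _part(h), _part(p)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return ["malformed"]
    failures = []
    # Key relationship (assumed model): proof key == key the credential is bound to.
    if header.get("kid") != binding_kid:
        failures.append("key")
    # Nonce: must be the value this issuer handed out; compare in constant time.
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected_nonce.encode()):
        failures.append("nonce")
    # Audience: the proof must be addressed to this issuer, not another one.
    aud = claims.get("aud")
    if issuer_id not in (aud if isinstance(aud, list) else [aud]):
        failures.append("aud")
    # Issuer of the proof: the client the nonce was issued to.
    if claims.get("iss") != client_id:
        failures.append("iss")
    # Time: reject missing, non-numeric, stale or future-dated iat.
    iat = claims.get("iat")
    if (isinstance(iat, bool) or not isinstance(iat, (int, float))
            or not now - MAX_AGE <= iat <= now + MAX_SKEW):
        failures.append("iat")
    return failures

def make_sample(header, claims):
    """Build a constructed, unsigned sample proof (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"
```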