<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Filip,<br>
    </p>
    <div class="moz-cite-prefix">On 23/03/2020 10:54, Filip Skokan via
      Openid-specs-ab wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CALAqi_8hCu0pMjSjP67+7sRLLfLvieiwcfW_A5=F9TnciQTRWw@mail.gmail.com">
      <ol>
        <li>should we do something about that language to suggest that
          signature recipients may omit fetching external jwks_uri
          resources if they already did so recently?</li>
        <li>should we extend the <a
href="https://openid.net/wordpress-content/uploads/2015/04/OpenID-Certification-Attestation-Statement.pdf"
            moz-do-not-send="true">attestation statement</a> to allow
          for other rotation tests to be attested to allow implementers
          to have mechanisms that protect their infrastructure.</li>
      </ol>
    </blockquote>
    <p>What is your own take on this?</p>
    <p>Vladimir<br>
    </p>
    <pre class="moz-signature" cols="72">-- 
Vladimir Dzhuvinov</pre>
  </body>
</html>