[Openid-specs-digital-credentials-protocols] openid/oid4vc-haip-sd-jwt-vc: Comment created on issue 102
github at oidf.org
github at oidf.org
Thu May 16 13:55:06 UTC 2024
openid/oid4vc-haip-sd-jwt-vc event
Issue Comment created on issue 102
Issue Title: Issuers/Verifiers choice for either x5c or jwt-vc issuer metadata is not clear
https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/102
Comment: > > When x5t is present, check for x5c (could be in unprotected header in cose) > > > If there is a x5c header, why would you do an HTTP call? > > The x5c could have been tempered with. For JWTs compact, this is not the case because there are only protected headers, for JWTs JSON serialization, you could still put the `x5c` in the protected header, or put the `x5t` in the protected which secures the `x5c`.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240516/e0c6d42a/attachment.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list