[Openid-specs-digital-credentials-protocols] openid/oid4vc-haip-sd-jwt-vc: Comment created on issue 103
github at oidf.org
github at oidf.org
Fri May 24 13:21:06 UTC 2024
openid/oid4vc-haip-sd-jwt-vc event
Issue Comment created on issue 103
Issue Title: SD-JWT VC requires `iss` value to be a URI
https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/103
Comment: > Allowing none URI values is probably more in keeping with JWT. @OR13 Yes, I'm not excited about relaxing the URI requirement but when I think about it, it might be useful since it would be easier to just match the `iss` value directly against the value in the SAN entry. > almost all x509 certificates today use dNSName SAN Another thing I was interested in @paulbastian, which certificates are you referring to? Are you talking mostly about TLS certs? Are you concerned about that it would be not be easy for an issuer to obtain a cert with a SAN URI from an existing TLS CA? In that case, I was always wondering whether those usually issue certs with extended key usage "TLS server authentication" and whether that is set to Critical or Non-Critical, or if this was a decision that can be made in the CSR. If it was Critical, you won't be able to use those certificates, right? Anyways, I'd rather have the discussion on changing SD-JWT VC in the SD-JWT VC repo for visibility reasons.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240524/750928b5/attachment.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list