dvorak42
commented
1 year ago Hopefully as part of resolving #231, part of this can be resolved/redirected to the VOPRF draft. We'll work on integrating the specific callouts/checks from the IETF doc as part of the algorithm steps in the spec.
Request signing is a leftover from a previous version, I've removed it from that document.
The issuance procedures are described in a markdown document that only contains a pretty loose description of how things are expected to work. This is not precise enough for inclusion in an algorithm and is not up to the usual standards for W3C specifications in terms of error handling.
For instance, the document does not describe what a client needs to do in order to accept the tokens that an issuer produces. For instnace, the V in VOPRF is necessary here to ensure that the server has used one of the permitted keypairs, with similar checks needed for the PMB algorithms.
For instance, the request signing section contains a broken link.