Add text, possibly as a security consideration, but also as part of the main text, to make it clear that the key of an OAuth client presenting a sender-constrained token cannot be used for proof of possession by a resource server acting as a client when requesting an assertion from the authorisation server. Instead, the resource server will use its own key to perform PoP and obtain an assertion with a requested_cnf claim.