The spec currently does not define what to do if the same digest value appears more than once in an SD-JWT. This could be the case if the Issuer or Holder is operating maliciously.
Some possible approaches:

- first digest in the document wins (in the order presented in the document)
- first digest in the document wins (all map keys sorted lexically)
- ignore the digest
- the entire document is invalid

Proposal:
Holders and Verifiers receiving an SD-JWT have to scan all digests in all `_sd` elements at any level of the document to check for duplicates. If the same digest appears more than once, the entire document is invalid. This prevents an attack where the Issuer gets the Holder to request an innocuous claim inside a private claim with the same name as a more valuable claim, and includes this digest where it has a different meaning (perhaps offering an `x5c` or `aud` claim at the root level).
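As an added illustration of the proposed check (not code from the SD-JWT spec or any implementation), the following walks a decoded SD-JWT payload, collects every digest found in any `_sd` array at any nesting level, and rejects the whole payload on the first duplicate. The payloads and digest strings are constructed sample data, not real hashes.

```python
class DuplicateDigestError(ValueError):
    """The same disclosure digest is referenced from more than one place."""


def collect_sd_digests(node, seen=None, path="$"):
    """Recursively gather every digest listed in an `_sd` array.

    Returns a dict mapping digest -> JSONPath-like location of its first
    occurrence. Raises DuplicateDigestError if any digest is seen twice,
    whether within one `_sd` array or across different nesting levels.
    """
    if seen is None:
        seen = {}
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "_sd":
                if not isinstance(value, list):
                    raise ValueError(f"{path}._sd must be an array")
                for digest in value:
                    if not isinstance(digest, str):
                        raise ValueError(f"{path}._sd contains a non-string entry")
                    if digest in seen:
                        raise DuplicateDigestError(
                            f"digest {digest!r} appears at {seen[digest]} and {path}._sd"
                        )
                    seen[digest] = f"{path}._sd"
            else:
                collect_sd_digests(value, seen, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            collect_sd_digests(item, seen, f"{path}[{index}]")
    return seen


def payload_has_unique_digests(payload):
    """True if every `_sd` digest in the payload is unique, else False."""
    try:
        collect_sd_digests(payload)
    except DuplicateDigestError:
        return False
    return True


# Constructed sample payloads (digest values are placeholders, not real hashes).
VALID_PAYLOAD = {"_sd": ["digestA", "digestB"], "address": {"_sd": ["digestC"]}}
# The root-level `_sd` reuses the digest that also hides a nested claim.
DUPLICATE_PAYLOAD = {"_sd": ["digestA", "digestB"], "address": {"_sd": ["digestA"]}}
```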