The current definition of Key Binding is:
Key Binding: Ability of the Holder to prove legitimate possession of
an SD-JWT by proving control over a private key during the
presentation. When utilizing Key Binding, an SD-JWT contains the
public key corresponding to the private key controlled by the
Holder (or a reference to this public key).
Talking of a "legitimate possession" is an abuse of language. Who possesses the private key is unknown.
Even when the key is controlled by a Holder, the End-User can decide to perform cryptographic computations
with the private key for the benefit of one or more End-Users. If the set of claims does not allow the
End-User to be uniquely identified, the End-User cannot be caught. In that case, the End-User can even monetize his services
for the benefit of hundreds of users.
Replace this definition by:
Key Binding: Ability to demonstrate to a Verifier that a
cryptographic result computed over a data structure using
a private key corresponding to a public key contained in an SD-JWT
is correct.
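As an added illustration of the proposed definition (this is example code, not part of the original post or of the SD-JWT specification), a Go sketch of what a Verifier actually checks during Key Binding: that a signature over the Key Binding JWT payload verifies under the cnf key carried in the SD-JWT. The SDJWT and KBPayload types, the choice of Ed25519 and all sample values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// SDJWT is reduced to the one field this example needs: the confirmation
// key (cnf) the Issuer bound into the credential. The Issuer's own JWS
// signature over the credential is assumed already verified.
type SDJWT struct{ Cnf ed25519.PublicKey }

// KBPayload is the data structure the Holder signs at presentation time (claim names as in the SD-JWT KB-JWT).
type KBPayload struct {
	Aud    string `json:"aud"`
	Nonce  string `json:"nonce"`
	SDHash string `json:"sd_hash"`
}

// SignKeyBinding is the Holder-side step: anyone holding priv can perform it.
func SignKeyBinding(priv ed25519.PrivateKey, p KBPayload) []byte {
	b, _ := json.Marshal(p) // cannot fail for this struct
	return ed25519.Sign(priv, b)
}

// VerifyKeyBinding is all a Verifier can establish: the signature over the
// payload is correct under the key carried in the SD-JWT, and aud/nonce are
// the values it issued. It says nothing about who requested the computation.
func VerifyKeyBinding(sd SDJWT, p KBPayload, sig []byte, aud, nonce string) bool {
	if p.Aud != aud || p.Nonce != nonce {
		return false
	}
	b, _ := json.Marshal(p)
	return ed25519.Verify(sd.Cnf, b, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sd := SDJWT{Cnf: pub}
	h := sha256.Sum256([]byte("<sd-jwt>~<disclosure>~")) // constructed stand-in for the presentation
	p := KBPayload{Aud: "https://verifier.example", Nonce: "n-1", SDHash: base64.RawURLEncoding.EncodeToString(h[:])}
	sig := SignKeyBinding(priv, p)
	fmt.Println("bound key, fresh nonce:", VerifyKeyBinding(sd, p, sig, p.Aud, "n-1"))      // true
	fmt.Println("same signature, other nonce:", VerifyKeyBinding(sd, p, sig, p.Aud, "n-2")) // false
}
```

The check passes or fails only on the correctness of the signature, the key and the bound aud/nonce values, which is exactly the scope the proposed wording describes.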