oauth-wg / oauth-transaction-tokens

MIT License

Typ header parameter being misused in TraTs draft #97

Closed tulshi closed 4 weeks ago

tulshi commented 1 month ago

According to RFC 7515 (JWS), the "typ" header parameter is supposed to indicate a media type (https://www.iana.org/assignments/media-types/media-types.xhtml). In addition, the JWT spec, section 5.1, clarifies that if used, it should be set to "JWT". However, the TraTs draft requires this to be set to "txn_token". This is clearly not right. We need to find another way to identify a JWT as a TraT.

bc-pi commented 1 month ago

See also https://www.rfc-editor.org/rfc/rfc8725.html#name-use-explicit-typing, https://datatracker.ietf.org/doc/html/rfc9068#name-header and https://www.rfc-editor.org/rfc/rfc9449.html#name-dpop-proof-jwt-syntax

tulshi commented 1 month ago

Thanks for these references. I will go with "txntoken+jwt" for now, based on the recommendation of the "Explicit Typing" section.
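As an added example (not code from the draft or the oauth-transaction-tokens repo), a minimal Python verifier that applies the explicit-typing rule settled on above: a JWT is accepted as a TraT only if its `typ` header is exactly `txntoken+jwt`, so a validly signed token typed `JWT` (or untyped) is rejected rather than confused with a transaction token. HS256 with a constructed shared key and constructed claims are used to keep it self-contained; real TraTs are signed with the issuer's keys.

```python
import base64, hashlib, hmac, json

# Constructed demo key; real TraTs are signed with the issuer's asymmetric key.
SECRET = b"constructed-demo-key"
TXN_TOKEN_TYP = "txntoken+jwt"  # explicit type agreed on in the thread above

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(header: dict, claims: dict, key: bytes = SECRET) -> str:
    """Build a compact JWS (header.payload.signature) with HS256."""
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_txn_token(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only if the signature verifies AND the header types it as a TraT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    h_b64, c_b64, s_b64 = parts
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Explicit typing (RFC 8725, "Use Explicit Typing"): a token typed "JWT" or
    # untyped is not a TraT even with a valid signature, which blocks
    # cross-purpose token confusion between JWT profiles sharing a key.
    if header.get("typ") != TXN_TOKEN_TYP:
        raise ValueError(f"typ {header.get('typ')!r} is not {TXN_TOKEN_TYP!r}")
    return json.loads(b64url_decode(c_b64))

def is_accepted(token: str) -> bool:
    try:
        verify_txn_token(token)
        return True
    except ValueError:  # covers bad base64 and bad JSON too (both subclass ValueError)
        return False

if __name__ == "__main__":
    claims = {"iss": "https://issuer.example", "sub": "alice", "txn": "constructed-txn-id"}
    trat = sign_jwt({"alg": "HS256", "typ": TXN_TOKEN_TYP}, claims)
    plain = sign_jwt({"alg": "HS256", "typ": "JWT"}, claims)
    print(is_accepted(trat), is_accepted(plain))  # True False
```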