Closed fmarino-ipzs closed 3 weeks ago
Not info info on this issue to fully follow the request.
when using cnf
claim in the COSE or JOSE Payload, typically you would have:
MUST support "cnf": { "jwk": ...}}
MAY support "cnf": { "kid": ...}}
When referring to the issuer's signing keys for the credential in the protected header, typically you would have:
MUST support "kid": ...
MAY support "x5t": ...
MAY support "jwk": ...
I would not recommend x5c
in protected headers at this point, for new specs.
We should generalize the key identifier by adding:
Only one of them MUST be used.