peppelinux / draft-demarco-oauth-status-assertions

OAuth 2.0 Status Assertions for Digital Credentials

credential_pop typ #20

Closed fmarino-ipzs closed 1 month ago

fmarino-ipzs commented 4 months ago

The credential_pop is a JWT. I would consider typ as OPTIONAL and value it with jwt. If omitted, by default it is assumed to be jwt.

OR13 commented 4 months ago

We might consider addressing the CWT case at the same time here.

It's against the JWT BCP to omit typ at this point: https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing

I'd propose the following:

credential_pop MUST be a JWT or CWT.

The typ protected header parameter SHOULD be "kb+jwt" or "kb+cwt".
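
An added example, not part of the thread or of the draft: a verifier-side explicit-typing check for a JWT credential_pop. It assumes the verifier's policy treats "kb+jwt" as required; the function names and the sample token are constructed for illustration.

```python
import base64
import json

EXPECTED_TYP = "kb+jwt"  # value proposed in the thread for a JWT credential_pop


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in JWS compact form."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def normalize_typ(typ: str) -> str:
    """RFC 7515 4.1.9: a typ without '/' is read as if prefixed by application/."""
    typ = typ.strip().lower()  # media type names are case-insensitive
    return typ if "/" in typ else "application/" + typ


def check_credential_pop_typ(compact_jwt: str, expected: str = EXPECTED_TYP) -> str:
    """Return the header typ if it matches `expected`; raise ValueError otherwise.

    Only the explicit-typing check is shown. Signature and claim validation
    must still happen before the token is trusted.
    """
    parts = compact_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError("undecodable protected header") from exc
    typ = header.get("typ") if isinstance(header, dict) else None
    if not isinstance(typ, str):
        # A missing typ is rejected rather than defaulted to "jwt".
        raise ValueError("typ header missing: explicit typing required")
    if normalize_typ(typ) != normalize_typ(expected):
        raise ValueError(f"unexpected typ {typ!r}, wanted {expected!r}")
    return typ


def make_unsigned_sample(header: dict) -> str:
    """Constructed sample token with a dummy signature (not verifiable)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'jti': 'constructed-sample'})}.c2ln"
```

Rejecting a missing or generic typ keeps a JWT issued for another purpose from being accepted as a credential_pop, which is the cross-JWT confusion that the explicit-typing section of RFC 8725 addresses.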

peppelinux commented 4 months ago

I and @fmarino-ipzs agreed with you, please open a PR if possible

This issue is tagged under the milestone 01

SaraConsoliACN commented 1 month ago

This issue has been resolved by PR #37.