Why infer the publickey from 'iss' claim? What about using the 'jku' header?

[vsmahesh]

What was the reason for using the iss claim to represent the public key instead of the jku header? The verification process involves two actions, at a high level:

1. verify the digital signature of JWS
2. verify the content

Inflating the payload becomes a prerequisite for signature verification, and is an overhead if you look at a single responsibility perspective. If we use the 'jku' header, this computing overhead can be avoided. Also, I feel this will make the spec more aligned with the existing standards.

Any thoughts?

[jmandel]

The motivation here is 1) save space by avoiding the need to include two distinct claims, and 2) avoid the need to constrain binding of JWK URLs to issuers (e.g., if we used an unconstrained jku, we'd want some way to prevent malicious actors from using a valid issuer URL together with a malicious jku).

Edit to add: I agree with your points about single responsibility here; this is a good principle in slight tension with other goals.

[vsmahesh]

Thank you for the reply.

Is there any other function for the iss claim? Can we completely avoid it and relay only on the jku header?

[vsmahesh]

I just realized that 'issuer' is mandatory as per the verifiable credential specification. So taking the previous question back.

Thanks

[jmandel]

Sure thing. Expectation is that the issuers domain is something that participants might recognize or can look up independently (e.g. the public domain for a retail pharmacy chain) as (part of) a basis for trust.