Ensure the DI test suites include specific checks for these vulnerabilities, ensuring conformant implementations handle them correctly. This will be tough if we do not make strong normative statements about (1) and (2) above, but we can at least note conformance for implementers who have chosen to follow the guidance.
Both the VCDM and DI specifications might contain new normative statements that require checking of context values. The checks probably make more sense in the VCDM v2.0 test suite than they do the DI test suite. This issue is being raised to ensure that we consider the tests in both test suites.
From https://github.com/w3c/vc-data-integrity/issues/272#issuecomment-2212258255, @decentralgabe wrote:
Both the VCDM and DI specifications might contain new normative statements that require checking of context values. The checks probably make more sense in the VCDM v2.0 test suite than they do the DI test suite. This issue is being raised to ensure that we consider the tests in both test suites.
There is a duplicate issue raised in https://github.com/w3c-ccg/data-integrity-test-suite-assertion/issues/65.