search

w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/
Other
31 stars 13 forks source link

Clarification on usage of nbf claim #275

Closed sloops77 closed 1 month ago

sloops77 commented 4 months ago

There is still some residual confusion around the use of nbf that should be clarified.

The spec currently mentions that 

     When the iat and/or exp JWT claims are present, they represent the issuance and expiration 
     time of the signature, respectively. Note that these are different from the validFrom and 
     validUntil properties defined in Validity Period, which represent the validity of the data that 
     is being secured.

I think nbf should be mentioned in this paragraph as well, as the same interoperability concern exists here as there may be some discrepancies between how verifiers handle nbf vs how validFrom is treated.

decentralgabe commented 3 months ago

The text should not imply that nbf should be used. @selfissued will adjust the current language.