Hello again, On a similar note to my previous email, could I get some clarity on a step in the SD-JWT verification process?
*4. If any digests were found more than once in the previous step, the SD-JWT MUST be rejected.* Step 4 in Section 6.1 (as shown above) could have multiple meanings in my opinion: - The digest was found multiple times (for example in an "_sd" array and as an array element). - More than one Disclosure have the same digest. On first reading of this I assumed that this step only covered the first of those two cases, but it has been pointed out to me by a colleague that it could cover both. If it is the case that both cases are covered by this step, then I think it would be helpful to clarify this in the text. Cheers, Jacob
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
