Hi Jacob,

the intention was to cover the first case you listed. We should clarify this.

-Daniel

Am 20.10.23 um 15:02 schrieb Jacob Ward:
Hello again,

On a similar note to my previous email, could I get some clarity on a step in the SD-JWT verification process?

/4. If any digests were found more than once in the previous step, the SD-JWT MUST be rejected.

/
Step 4 in Section 6.1 (as shown above) could have multiple meanings in my opinion: - The digest was found multiple times (for example in an "_sd" array and as an array element).
- More than one Disclosure have the same digest.

On first reading of this I assumed that this step only covered the first of those two cases, but it has been pointed out to me by a colleague that it could cover both. If it is the case that both cases are covered by this step, then I think it would be helpful to clarify this in the text.

Cheers,

Jacob

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--
Please use my new email address:m...@danielfett.de
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to