Hi Jacob,
the intention was to cover the first case you listed. We should clarify
this.
-Daniel
Am 20.10.23 um 15:02 schrieb Jacob Ward:
Hello again,
On a similar note to my previous email, could I get some clarity on a
step in the SD-JWT verification process?
/4. If any digests were found more than once in the previous step, the
SD-JWT MUST be rejected.
/
Step 4 in Section 6.1 (as shown above) could have multiple meanings in
my opinion:
- The digest was found multiple times (for example in an "_sd" array
and as an array element).
- More than one Disclosure have the same digest.
On first reading of this I assumed that this step only covered the
first of those two cases, but it has been pointed out to me by a
colleague that it could cover both. If it is the case that both cases
are covered by this step, then I think it would be helpful to clarify
this in the text.
Cheers,
Jacob
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
Please use my new email address:m...@danielfett.de
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth