[OAUTH-WG] Secdir last call review of draft-ietf-oauth-jwsreq-30

2020-09-25 Thread Watson Ladd via Datatracker
Reviewer: Watson Ladd
Review result: Serious Issues

I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerat

[OAUTH-WG] Clarification on validation of the "x5c" parameter in JWKS

2020-09-25 Thread Yakov Shafranovich
Hi, I am trying to reconcile the security guidance provided by RFC 7517 and RFC 8725. My question is how to validate a key received from a JWKS endpoint if it contains a "x5c" parameter. In RFC 8725, section 3.8 it states: https://www.rfc-editor.org/rfc/rfc8725.html#name-validate-issuer-and-subjec
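Added example, not part of this thread and not code from either RFC's authors: a Go check for the situation the question describes, written for a consumer of an RSA JWKS. It applies the RFC 7517 section 4.7 rule that the first "x5c" certificate must carry the same public key as the JWK's other members, then validates the certificate chain against trust anchors the relying party has chosen (which anchors count, and whether a chain is required at all, is an application decision). The JWK type, the function names ValidateRSAJWK and BuildDemoJWKS, and the self-signed demo certificate and the "forged" entry, all generated at run time, are this example's own constructions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

type JWK struct { // the RFC 7517 members this example needs (RSA keys only)
	Kty string   `json:"kty"`
	Kid string   `json:"kid"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	X5c []string `json:"x5c,omitempty"`
}

// ValidateRSAJWK returns the key given by "n"/"e" after checking any "x5c" member: the first
// certificate must carry exactly that key (RFC 7517 section 4.7) and must chain to a trust anchor
// the relying party chose. The certificate is a cross-check, never the source of the key.
func ValidateRSAJWK(k JWK, roots *x509.CertPool, now time.Time) (*rsa.PublicKey, error) {
	if k.Kty != "RSA" {
		return nil, fmt.Errorf("unsupported kty %q", k.Kty)
	}
	nb, errN := base64.RawURLEncoding.DecodeString(k.N) // n and e are unpadded base64url
	eb, errE := base64.RawURLEncoding.DecodeString(k.E)
	if errN != nil || errE != nil || len(nb) == 0 || len(eb) == 0 {
		return nil, errors.New("n/e: missing or not base64url")
	}
	jwkKey := &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}
	if len(k.X5c) == 0 {
		return jwkKey, nil // nothing to cross-check against
	}
	// x5c entries are standard (padded) base64 of DER certificates, leaf first.
	chain := make([]*x509.Certificate, len(k.X5c))
	inter := x509.NewCertPool()
	for i, s := range k.X5c {
		der, err := base64.StdEncoding.DecodeString(s)
		if err == nil {
			chain[i], err = x509.ParseCertificate(der)
		}
		if err != nil {
			return nil, fmt.Errorf("x5c[%d]: %w", i, err)
		}
		inter.AddCert(chain[i]) // every supplied certificate may help build the chain
	}
	leafKey, ok := chain[0].PublicKey.(*rsa.PublicKey)
	if !ok || leafKey.N.Cmp(jwkKey.N) != 0 || leafKey.E != jwkKey.E {
		return nil, errors.New("x5c[0] public key does not match n/e")
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return nil, fmt.Errorf("x5c chain: %w", err)
	}
	return jwkKey, nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildDemoJWKS makes, at run time, a throwaway self-signed signing certificate and a JWKS whose
// "good" entry carries that key and whose "forged" entry reuses the x5c with an unrelated "n".
func BuildDemoJWKS() ([]byte, *x509.CertPool) {
	signKey := must(rsa.GenerateKey(rand.Reader, 2048))
	otherKey := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo issuer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &signKey.PublicKey, signKey))
	x5c := []string{base64.StdEncoding.EncodeToString(der)}
	jwk := func(kid string, pub *rsa.PublicKey) JWK {
		return JWK{Kty: "RSA", Kid: kid, X5c: x5c, N: base64.RawURLEncoding.EncodeToString(pub.N.Bytes()),
			E: base64.RawURLEncoding.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
	}
	roots := x509.NewCertPool() // the relying party pins the issuer's certificate as its anchor
	roots.AddCert(must(x509.ParseCertificate(der)))
	keys := []JWK{jwk("good", &signKey.PublicKey), jwk("forged", &otherKey.PublicKey)}
	return must(json.Marshal(map[string][]JWK{"keys": keys})), roots
}

func main() {
	js, roots := BuildDemoJWKS()
	var set struct{ Keys []JWK }
	must(0, json.Unmarshal(js, &set))
	for _, k := range set.Keys {
		_, err := ValidateRSAJWK(k, roots, time.Now())
		fmt.Printf("kid=%s accepted=%v err=%v\n", k.Kid, err == nil, err)
	}
}
```

The "forged" entry is the case that matters: its x5c is a perfectly valid certificate, so a consumer that takes the key from the certificate verifies against one key while a consumer that checks the certificate and then uses "n"/"e" verifies against another; comparing the two and using only the cross-checked "n"/"e" removes that ambiguity. A JWK without x5c is still accepted on "n"/"e" alone, which is the common case when the set is fetched over TLS from the issuer's own jwks_uri; the certificate check adds value only once the deployment has agreed on which anchors an x5c chain must reach.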