I have reviewed the Transaction Token document. In general I think it is a
needed document and I am glad there is work in this area. I have some
questions and comments below:
1. Section 4 defines Trust Domain and seems to point to RFC 7519. I
couldn't find any reference to trust domain in 7519.
I want to voice my support for this draft: Proof of Issuer Key Authority
(PIKA). The ability to reason about the past validity of JWKS is extremely
useful for using OIDC in signing CI artifacts and e2e encrypted
messaging.This includes what we are building at OpenPubkey (
github.com/openpubkey/open
