The JWS and JWE specs defined the "kid" header value that can be used to identify the key used for signing or encryption. Subsequently, the JWK thumbprint method was defined.
Has anyone put any thought into registering a header value for JWS and JWE headers that indicates the thumbprint of the key used for signing or encryption? This would be very helpful for key indexes especially when using unprotected headers since the value of "kid" might be modified. _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
