Hi Daniel,
Thanks for the response, that makes total sense.
Jacob
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi Jacob,
this check is mainly important for the Holder to ensure the integrity of
the received SD-JWT. For the Verifier, there is not much to gain by
checking this (but it also doesn't hurt either).
However, we intended to keep the algorithms for the Holder and Verifier
similar and
Hello all,
Please let me know if there's a better channel to ask questions and/or
raise issues with the SD-JWT spec.
Currently as part of verification of an SD-JWT the following is stated:
*Upon receiving an SD-JWT, a Holder or a Verifier MUST ensure that *
- *the Issuer-signed JWT is
