The section should be renamed to "Issuer-signed JWT verification key validation" since the section is about checking that the iss value corresponds to the key that signed the JWT. The process of obtaining it via different means is just the first step.

We should also fix the language in the "Verification and Processing" section to say:

Furthermore, the recipient of the SD-JWT VC MUST validate the public verification key for the Issuer-signed JWT as defined in Section 3.5.

instead of

Furthermore, the recipient of the SD-JWT VC MUST obtain the public verification key for the Issuer-signed JWT as defined in Section 3.5.

Fixed by #183