oauth-wg / oauth-sd-jwt-vc

draft-terbu-sd-jwt-vc

Consider making cnf optional

awoie opened this issue

Not all VCs require key binding. For those, cnf should be made optional.

I've read the text in https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2-3.5.2.1 that says "REQUIRED when Cryptographic Key Binding is to be supported." as cnf being optional or not required when key binding isn't needed. Perhaps we need to discuss and/or make things more clear?

Do you think we should also explain the OPTIONAL case or replace the REQUIRED with something else? CONDITIONAL is not a reserved word unfortunately.

I would propose to clarify this. From a quick reading this is not obviously optional and it does not match the other claims that only state REQUIRED/OPTIONAL without any conditions. As cryptographic binding is optional, I think this line should begin with "OPTIONAL. [...]"

#213 attempts to do just that