Skip to content

Resolve issue with conflicting 'MUST' & 'SHOULD' for key attestations #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 30, 2025
Merged

Resolve issue with conflicting 'MUST' & 'SHOULD' for key attestations #282

merged 3 commits into from
Sep 30, 2025

Conversation

@jogu
Copy link
Contributor

@jogu jogu commented Sep 22, 2025

The 'MUST' for the proof types supported was not intended to be a MUST given we now have only a 'SHOULD' in the following section for supporting the key attestations format defined in OID4VCI.

closes #270

paulbastian
paulbastian reviewed Sep 23, 2025
View reviewed changes
Copy link
Collaborator

@paulbastian paulbastian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean if you use other key attestations then you may also use other proof_types?

@jogu
Copy link
Contributor Author

jogu commented Sep 23, 2025
edited
Loading

Does this mean if you use other key attestations then you may also use other proof_types?

@paulbastian Hrrm. Good question. That was certainly where I was going.

I think this breaks down into two parts:

  1. attestation proof type - as defined, I don't think this is usable with other formats of key attestations, so by definition you can't support that proof type I believe.
  2. jwt proof type - I believe you can't put other formats of key attestations into the key_attestation header (according to the current text), but I believe you could define a new field that contains an attestation in a different format.

Does that sound correct? If so I'm not sure where that leaves us. Do you have a suggestion on what we should say?

@Sakurann
Copy link
Contributor

Sakurann commented Sep 23, 2025
edited
Loading

WG discussion.

  • update the text so that it is clearer that for non annex D key attestations, especially those that are not JWTs, additional proof types would need to be defined most likely.
  • and point out that even for non-JWT key attestations, jwt proof type can be used (but not attestation proof type)

jogu
jogu commented Sep 24, 2025
View reviewed changes
jogu
jogu commented Sep 24, 2025
View reviewed changes
@jogu
Copy link
Contributor Author

jogu commented Sep 24, 2025

Updated based on WG discussion, please re-review @paulbastian

Sakurann
Sakurann approved these changes Sep 24, 2025
View reviewed changes
Copy link
Contributor

@Sakurann Sakurann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reads really good!

@jogu jogu added the has-at-least-3-approvals PRs that have the normal 3 approvals we require label Sep 25, 2025
@jogu jogu merged commit 9e57691 into main Sep 30, 2025
2 checks passed
@Sakurann Sakurann added this to the 1.0 Final milestone Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@c2bo c2bo c2bo approved these changes

@paulbastian paulbastian paulbastian approved these changes

@Sakurann Sakurann Sakurann approved these changes

Assignees

No one assigned

Labels

has-at-least-3-approvals PRs that have the normal 3 approvals we require

Projects

None yet

Milestone

1.0 Final

Development

Successfully merging this pull request may close these issues.

Confusing requirements for key attestations

5 participants

@jogu @Sakurann @c2bo @paulbastian