Richard Barnes
Richard Barnes
Right now, most of the API is private (starts with a lower-case letter). We should consider whether it would be useful to expose more lower-layer primitives, e.g., to facilitate testing...
Currently, non-ApplicationData messages after the handshake are ignored. We need to do something with them.
Once we have the ability to configure certificates, we will need to implement the certificate selection algorithm defined in the spec, using SNI, signature_algorithms, and supported_groups.
This PR limits the scope of the term "SD-JWT" so that it refers only to an Issuer-signed JWT and a set of disclosures. We introduce the term "Fnord" to refer...
It seems like it could be helpful to implementors, allowing them to quickly validate whether what they have is syntactically an SD-JWT or an SD-JWT with key binding. Something like:...
Recursive redaction makes it much more complex to validate and handle SD-JWT objects. It requires that disclosure be processed in a particular order, and since this order is known only...
This document actually defines two object formats, with distinct formats and validation processes: 1. An object that is sent from Issuer to Holder, containing the Issuer JWT and zero or...
Right now, we support three different crypto providers: OpenSSL 1.1, OpenSSL 3, and BoringSSL. These providers have largely the same API, so we have a slightly hairy mess of `#ifdef`s...