Joseph Heenan
Joseph Heenan
The relevant text is: > When the Client Identifier Prefix is x509_san_dns, the original Client Identifier (the part after the x509_san_dns: prefix) MUST be a DNS name and match a...
(for clarify, I'm writing as a WG participant, not a chair, so this is my personal take) As currently written, `x509_san_dns:foo.example.com` would be permitted with a certificate that listed both...
We can probably do some clarifications in an errata and/or VP 1.1 if we don't break things. > Note that in RFC5280 they don't forbid wildcard characters: They don't, but...
> My question is simple: > > * what are the rules for the x509_san_dns matching when TLS certificates are wildcard certificates: > a) match the URL you're visiting with...
Consensus on today's WG call: Implementation must not break if optional fields are absent. Adding a note might be good but it would sit better in VCI. No immediate need...
I think this is likely a mistake in the example - I don't think there is a case when JSON object is used in this case. I think we should...
Discussed on today's WG call: Consensus is a PR with a suggestion on the actual text would help people.
Discussed on today's EU call too: There is an additional option of explicitly stating that `intent_to_retain` being optional means that the verifier is not specifying if it will retain or...
some discussion about this is recorded on https://github.com/openid/OpenID4VC-HAIP/issues/233 too
Note that there's an issue open to add a format identifier for w3c vcdm 2.0: https://github.com/openid/OpenID4VP/issues/5 I'm not sure I fully understand the question you're asking - I'm not a...