OpenID4VP icon indicating copy to clipboard operation
OpenID4VP copied to clipboard

Published 20 hours ago verified publisher icon openid

Clarify when signature verification is not required

Open martijnharing opened this issue 7 months ago • 3 comments

We discussed verification of signed requests here: https://github.com/openid/OpenID4VP/issues/395 where we agreed that it's not required by the OpenID4VP specification (but of course can be by a profile) to validate signed requests. We made changes to the specification, but I don't think we actually added the text that says verification is optional. There are also other cases where signatures are used, where we don't want to always require the wallet to validate a signature and otherwise reset.

Looking at the current text, I think it does actually require verification of certain signatures. While these signatures should definitely be verified in certain scenarios, we shouldn't always require validation of those signatures.

These include:

section 5.9.3 verifier_attestation: "he Wallet MUST validate the signature on the Verifier attestation JWT." ... "If the Wallet cannot establish trust, it MUST refuse the request." x509_san_dns: "The Wallet MUST validate the signature and the trust chain of the X.509 certificate." x509_hash: "The Wallet MUST validate the signature and the trust chain of the X.509 leaf certificate."

I think it's sufficient to state that these requirements only apply when the corresponding signature is also verified stating that verification of the request signatures is optional, but we should make that explicit.

In verifier_attestations, data: "The Wallet MUST validate this signature and ensure binding."

In this case we should state that verification is required if the information is used.

martijnharing avatar Apr 17 '25 10:04 martijnharing

we already agreed in the WG in #395 that "it is up to the ecosystem to decide whether to signature validation is mandatory or not" for example, under eIDAS, if the wallet cannot verify at least one signature, it won’t return any credential. but in other jurisdictions, the origin might be sufficient to release a credential.

Sakurann avatar Apr 24 '25 17:04 Sakurann

Indeed, but the text currently doesn't say that for the items I mentioned. It just says that the signatures (and chains) must be validated.

The requirement to validate the signature before using the information (e.g. the information in the subject of the X.509 certificate) is important. But it's not mandatory (purely because of the OpenID4VP spec) to actually use that information from the X.509 certificate, that's up to the ecosystem.

martijnharing avatar Apr 28 '25 07:04 martijnharing

WG discussion:

  • this applies only for signed requests over DC API: "it is up to the ecosystem/policy to decide whether to signature validation is mandatory or not".
    • multi signature case is this one.
    • need to be clear that wallet needs to determine which ecosystem/policy governs this.
  • for vanilla openid4vp, wallet MUST validate the request signature when client id scheme requires signature.

Sakurann avatar May 13 '25 19:05 Sakurann