You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Should the responses, when shared by the CH or issued by the CI encrypted or is the transport encryption (HTTPS) good enough?
Should encryption be advocated more (e.g., a section about encryption)?
When exchanging information, is validating the TLS certificate enough, or should all requests/responses also be signed? (e.g., like authenticated key exchange)
For example: when DIDs are used, both sides should: validate the DID, check if the DID is not revoked, requests/responses should be signed using one of the DID keys.
The text was updated successfully, but these errors were encountered:
In OIDC Core there a short section on signatures/encryption https://openid.net/specs/openid-connect-core-1_0.html#SigEnc
Should the responses, when shared by the CH or issued by the CI encrypted or is the transport encryption (HTTPS) good enough?
Should encryption be advocated more (e.g., a section about encryption)?
When exchanging information, is validating the TLS certificate enough, or should all requests/responses also be signed? (e.g., like authenticated key exchange)
For example: when DIDs are used, both sides should: validate the DID, check if the DID is not revoked, requests/responses should be signed using one of the DID keys.
The text was updated successfully, but these errors were encountered: