From 9c0e6bde883f44cfcb674cce7cf33846600a4adb Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Tue, 16 Apr 2024 15:17:54 +0200 Subject: [PATCH] chore: add recommedation about public key used in the jwt proof This PR aims to remark an important aspect about the unlinkability of the credential through the holder key binding. --- docs/en/pid-eaa-issuance.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/en/pid-eaa-issuance.rst b/docs/en/pid-eaa-issuance.rst index d75af32fa..fd9a53792 100644 --- a/docs/en/pid-eaa-issuance.rst +++ b/docs/en/pid-eaa-issuance.rst @@ -322,6 +322,10 @@ The ``client_assertion`` is signed using the private key that is created during **PID/(Q)EAA Credential Schema and Status registration:** The PID/(Q)EAA Provider MUST register all the issued Credentials for their later revocation, if needed. +.. note:: + + **It is RECOMMENDED that the public key contained in the ``jwt_proof`` be specifically generated for the requested Credential (fresh cryptographic key) to ensure that different issued Credentials do not share the same public key, thereby remaining unlinkable to each other. + .. code-block:: POST /credential HTTP/1.1
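Review bot: the added note opens strong emphasis with `**It is RECOMMENDED` and never closes it, and reStructuredText does not nest the inline literal ``jwt_proof`` inside bold, so the paragraph will not render as intended. Drop the leading `**` and keep RECOMMENDED in capitals as the normative keyword. The wording "to ensure that different issued Credentials ... thereby remaining unlinkable to each other" also claims more than a fresh key gives: as the commit message itself says, this addresses linkability through the holder key binding only, so something like "so that issued Credentials cannot be linked to each other through the holder's public key" would be more accurate. It is also worth checking that ``jwt_proof`` is the same name used for the proof in the `POST /credential` request example that directly follows the note, so that readers can tell which key the recommendation refers to.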