Section 8: "Whenever TLS is used, a TLS server certificate check MUST be performed, per RFC 6125 [RFC6125]."
I can't find the string "certificate check" in RFC 6125. I *think* the intention here is that the identity of the service provider MUST be verified using the procedures described in Section 6 of RFC 6125.

Proposed text:

OLD: "a TLS server certificate check MUST be performed, per RFC 6125"

NEW: "the identity of the service provider encoded in the TLS server certificate MUST be verified using the procedures described in Section 6 of RFC 6125"

Scott and Burt
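What the RFC 6125 Section 6 identity verification referred to above amounts to for DNS names, as an added example that is not part of the original message or of any RFC text. The function names are hypothetical; it assumes the certificate chain has already been validated and that the subjectAltName dNSName values and the subject CN have been extracted, and it conservatively rejects partial wildcards such as `f*.example.com`.

```python
def _labels(name):
    # Domain names compare case-insensitively; ignore one trailing root dot.
    if name.endswith("."):
        name = name[:-1]
    return name.lower().split(".")


def match_dns_id(reference, presented):
    """Compare the name the client intended to reach (reference identifier)
    against one name taken from the certificate (presented identifier)."""
    ref, pres = _labels(reference), _labels(presented)
    if "" in ref or "" in pres or len(ref) != len(pres):
        return False  # empty label, or a wildcard would have to span labels
    if any("*" in label for label in ref):
        return False  # the reference identifier is never a pattern
    if any("*" in label for label in pres[1:]):
        return False  # wildcard is only honoured in the left-most label
    if "*" in pres[0]:
        if pres[0] != "*":
            return False  # partial wildcard: rejected here (conservative choice)
        return ref[1:] == pres[1:]  # "*" stands for exactly one label
    return ref == pres


def verify_service_identity(reference, dns_ids, cn=None):
    """dns_ids: subjectAltName dNSName values; cn: subject Common Name.
    The CN is consulted only when the certificate carries no DNS-ID."""
    if dns_ids:
        return any(match_dns_id(reference, p) for p in dns_ids)
    return cn is not None and match_dns_id(reference, cn)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    san = ["*.example.com", "login.example.net"]
    for host in ("api.example.com", "a.b.example.com", "example.com"):
        print(host, verify_service_identity(host, san))
```

A certificate can chain to a trusted root and still fail this step, which is the distinction the proposed wording draws.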
