From 88a20a81d4e20454129734a46467017d1158172e Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Tue, 18 Nov 2025 20:59:48 +0100 Subject: [PATCH 1/4] fix: make a256gcm and a128gcm mandatory for verifiers, while making either of them mandatory for the wallet --- openid4vc-high-assurance-interoperability-profile-1_0.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/openid4vc-high-assurance-interoperability-profile-1_0.md b/openid4vc-high-assurance-interoperability-profile-1_0.md index 2e254835..12d0f7ad 100644 --- a/openid4vc-high-assurance-interoperability-profile-1_0.md +++ b/openid4vc-high-assurance-interoperability-profile-1_0.md 
@@ -250,7 +250,8 @@ The following requirements apply to OpenID for Verifiable Presentations, irrespe * The DCQL query and response as defined in Section 6 of [@!OIDF.OID4VP] MUST be used. * Response encryption MUST be performed as specified in [@!OIDF.OID4VP, section 8.3]. The JWE `alg` (algorithm) header parameter (see [@!RFC7516, section 4.1.1]) value `ECDH-ES` (as defined in [@!RFC7518, section 4.6]), with key agreement utilizing keys on the `P-256` curve (see [@!RFC7518, section 6.2.1.1]) MUST be supported. - The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported. + Furthermore, Verifiers MUST include `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported` in the client metadata. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use A256GCM for response encryption. + The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If Verifiers include `encrypted_response_enc_values_supported` in their client metadata, they MUST list both `A128GCM` and `A256GCM`. * Verifiers MUST supply ephemeral encryption public keys specific to each Authorization Request passed via client metadata as specified in Section 8.3 of [@!OIDF.OID4VP]. * The Authority Key Identifier (`aki`)-based Trusted Authority Query (`trusted_authorities`) for DCQL, as defined in section 6.1.1.1 of [@!OIDF.OID4VP], MUST be supported. Note that the Authority Key Identifiers mechanism can be used to support multiple X.509-based trust mechanisms, such as ISO mDL VICAL (as introduced in [@ISO.18013-5]) or ETSI Trusted Lists [@ETSI.TL]. 
This is achieved by collecting the relevant X.509 certificates for the trusted Issuers and including the encoded Key Identifiers from the certificates in the `aki` array . @@ -677,6 +678,7 @@ The technology described in this specification was made available from contribut * add reference to ECCG Agreed Cryptographic Mechanisms 2.0 * require x5c header in the OID4VCI Appendix D key attestation + * require A256GCM and A128GCM for verifiers -05 From 635cb043e129ad9ab00e200f6d2b733d15739762 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Tue, 18 Nov 2025 21:03:58 +0100 Subject: [PATCH 2/4] fix: lang fix --- openid4vc-high-assurance-interoperability-profile-1_0.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openid4vc-high-assurance-interoperability-profile-1_0.md b/openid4vc-high-assurance-interoperability-profile-1_0.md index 12d0f7ad..0bb63277 100644 --- a/openid4vc-high-assurance-interoperability-profile-1_0.md +++ b/openid4vc-high-assurance-interoperability-profile-1_0.md 
@@ -250,8 +250,7 @@ The following requirements apply to OpenID for Verifiable Presentations, irrespe * The DCQL query and response as defined in Section 6 of [@!OIDF.OID4VP] MUST be used. * Response encryption MUST be performed as specified in [@!OIDF.OID4VP, section 8.3]. The JWE `alg` (algorithm) header parameter (see [@!RFC7516, section 4.1.1]) value `ECDH-ES` (as defined in [@!RFC7518, section 4.6]), with key agreement utilizing keys on the `P-256` curve (see [@!RFC7518, section 6.2.1.1]) MUST be supported. - Furthermore, Verifiers MUST include `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported` in the client metadata. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use A256GCM for response encryption. - The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If Verifiers include `encrypted_response_enc_values_supported` in their client metadata, they MUST list both `A128GCM` and `A256GCM`. + The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use `A256GCM` for the JWE `enc`. If Verifiers include `encrypted_response_enc_values_supported` in their client metadata, they MUST list both `A128GCM` and `A256GCM`. * Verifiers MUST supply ephemeral encryption public keys specific to each Authorization Request passed via client metadata as specified in Section 8.3 of [@!OIDF.OID4VP]. * The Authority Key Identifier (`aki`)-based Trusted Authority Query (`trusted_authorities`) for DCQL, as defined in section 6.1.1.1 of [@!OIDF.OID4VP], MUST be supported. 
Note that the Authority Key Identifiers mechanism can be used to support multiple X.509-based trust mechanisms, such as ISO mDL VICAL (as introduced in [@ISO.18013-5]) or ETSI Trusted Lists [@ETSI.TL]. This is achieved by collecting the relevant X.509 certificates for the trusted Issuers and including the encoded Key Identifiers from the certificates in the `aki` array . From 4b8ed40fefa4c615073defd65be811cb27b5b2f9 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Tue, 18 Nov 2025 21:50:35 +0100 Subject: [PATCH 3/4] Applied WG consensus --- openid4vc-high-assurance-interoperability-profile-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid4vc-high-assurance-interoperability-profile-1_0.md b/openid4vc-high-assurance-interoperability-profile-1_0.md index 0bb63277..f4ab2ff4 100644 --- a/openid4vc-high-assurance-interoperability-profile-1_0.md +++ b/openid4vc-high-assurance-interoperability-profile-1_0.md 
@@ -250,7 +250,7 @@ The following requirements apply to OpenID for Verifiable Presentations, irrespe * The DCQL query and response as defined in Section 6 of [@!OIDF.OID4VP] MUST be used. * Response encryption MUST be performed as specified in [@!OIDF.OID4VP, section 8.3]. The JWE `alg` (algorithm) header parameter (see [@!RFC7516, section 4.1.1]) value `ECDH-ES` (as defined in [@!RFC7518, section 4.6]), with key agreement utilizing keys on the `P-256` curve (see [@!RFC7518, section 6.2.1.1]) MUST be supported. - The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use `A256GCM` for the JWE `enc`. If Verifiers include `encrypted_response_enc_values_supported` in their client metadata, they MUST list both `A128GCM` and `A256GCM`. + The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use `A256GCM` for the JWE `enc`. Verifiers MUST list both `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported` in their client metadata. * Verifiers MUST supply ephemeral encryption public keys specific to each Authorization Request passed via client metadata as specified in Section 8.3 of [@!OIDF.OID4VP]. * The Authority Key Identifier (`aki`)-based Trusted Authority Query (`trusted_authorities`) for DCQL, as defined in section 6.1.1.1 of [@!OIDF.OID4VP], MUST be supported. Note that the Authority Key Identifiers mechanism can be used to support multiple X.509-based trust mechanisms, such as ISO mDL VICAL (as introduced in [@ISO.18013-5]) or ETSI Trusted Lists [@ETSI.TL]. 
This is achieved by collecting the relevant X.509 certificates for the trusted Issuers and including the encoded Key Identifiers from the certificates in the `aki` array . From 23cf8029573dbcc0b58563572123643ce1e43a06 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Thu, 20 Nov 2025 17:11:29 +0100 Subject: [PATCH 4/4] Applied editorial suggestion Co-authored-by: Frederik Krogsdal Jacobsen --- openid4vc-high-assurance-interoperability-profile-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid4vc-high-assurance-interoperability-profile-1_0.md b/openid4vc-high-assurance-interoperability-profile-1_0.md index f4ab2ff4..ebd8eca9 100644 --- a/openid4vc-high-assurance-interoperability-profile-1_0.md +++ b/openid4vc-high-assurance-interoperability-profile-1_0.md 
@@ -250,7 +250,7 @@ The following requirements apply to OpenID for Verifiable Presentations, irrespe * The DCQL query and response as defined in Section 6 of [@!OIDF.OID4VP] MUST be used. * Response encryption MUST be performed as specified in [@!OIDF.OID4VP, section 8.3]. The JWE `alg` (algorithm) header parameter (see [@!RFC7516, section 4.1.1]) value `ECDH-ES` (as defined in [@!RFC7518, section 4.6]), with key agreement utilizing keys on the `P-256` curve (see [@!RFC7518, section 6.2.1.1]) MUST be supported. - The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) value `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use `A256GCM` for the JWE `enc`. Verifiers MUST list both `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported` in their client metadata. + The JWE `enc` (encryption algorithm) header parameter (see [@!RFC7516, section 4.1.2]) values `A128GCM` and `A256GCM` (as defined in [@!RFC7518, section 5.3]) MUST be supported by Verifiers. Wallets MUST support `A128GCM` or `A256GCM`, or both. If both are supported, the Wallet SHOULD use `A256GCM` for the JWE `enc`. Verifiers MUST list both `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported` in their client metadata. * Verifiers MUST supply ephemeral encryption public keys specific to each Authorization Request passed via client metadata as specified in Section 8.3 of [@!OIDF.OID4VP]. * The Authority Key Identifier (`aki`)-based Trusted Authority Query (`trusted_authorities`) for DCQL, as defined in section 6.1.1.1 of [@!OIDF.OID4VP], MUST be supported. Note that the Authority Key Identifiers mechanism can be used to support multiple X.509-based trust mechanisms, such as ISO mDL VICAL (as introduced in [@ISO.18013-5]) or ETSI Trusted Lists [@ETSI.TL]. 
This is achieved by collecting the relevant X.509 certificates for the trusted Issuers and including the encoded Key Identifiers from the certificates in the `aki` array .
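Review bot: In PATCH 1/4, hunk `@@ -250,7 +250,8`, the two added lines contradict each other on `encrypted_response_enc_values_supported`. The first says Verifiers MUST include `A128GCM` and `A256GCM` in it, while the second begins "If Verifiers include `encrypted_response_enc_values_supported` in their client metadata", which makes the parameter optional. Both lines also repeat "Wallets MUST support `A128GCM` or `A256GCM`, or both" word for word. Merge them into one line with a single normative statement per party, and put backticks around `A256GCM` in "SHOULD use A256GCM for response encryption".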
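Review bot: In PATCH 1/4, hunk `@@ -677,6 +678,7`, the history entry "require A256GCM and A128GCM for verifiers" records only the Verifier half of the change. The same patch replaces the removed "`A128GCM` ... MUST be supported" with "Wallets MUST support `A128GCM` or `A256GCM`, or both", so a Wallet may now implement only `A256GCM`. Add that to the entry so implementers reading the history see that the Wallet requirement changed as well.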
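Review bot: In PATCH 2/4, the one line kept after the merge still ends with the conditional "If Verifiers include `encrypted_response_enc_values_supported` in their client metadata, they MUST list both", while the removed "Furthermore, Verifiers MUST include ..." line was the only unconditional requirement. A Verifier can therefore omit the parameter, and the text does not say what a Wallet that supports only `A256GCM` may assume in that case. Either make the listing unconditional or state the behaviour when the parameter is absent. The subject "fix: lang fix" also understates this, since dropping the MUST is a normative change rather than a wording one.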
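Review bot: In PATCH 3/4, the added line makes "Verifiers MUST list both `A128GCM` and `A256GCM` in `encrypted_response_enc_values_supported`" unconditional but gives the Wallet no matching rule for a request that violates it. State what a Wallet does when the parameter is missing or lacks one of the two values: reject the request, or encrypt with a value that is listed. Without that, "If both are supported, the Wallet SHOULD use `A256GCM`" can lead a Wallet to pick an `enc` the Verifier did not advertise.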
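Review bot: In PATCH 4/4, with "value" corrected to "values", the `enc` line now names who must support what, but the unchanged `alg` line directly above it still says `ECDH-ES` with `P-256` "MUST be supported" without naming Verifiers or Wallets. Consider stating the party there too, so the two lines of the response-encryption bullet read consistently. The trailing context also has a stray space before the full stop in "in the `aki` array ." that could be cleaned up in the same editorial pass.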