Liaison statement
application/vp+sd-jwt media type registration request from W3C

Earlier in 2025, IANA forwarded to the appointed Designated Experts (DEs) an
application by the W3C to register the media type application/vp+sd-jwt.  DEs
are appointed to their positions by the Internet Engineering Steering Group.

Media type DEs are tasked primarily with ensuring that registrations,
especially of those on the standards tree, are properly documented and that the
registration template is properly completed.  With respect to security in
particular, the DEs are expected to ensure that a reasonably thorough security
review was done and the results of this are associated with the registration. 
Note, however, that the DEs are not necessarily security experts and therefore
are not expected to affirm or extend any security review that was done, but
merely to assure that appropriate due diligence was executed.  Moreover, as per
RFC 6838, there is no obligation that a media type be devoid of security risks,
only that all known risks are properly documented.

Media type requests that are under review are revealed to the IETF community
via the media-types@ietf.org mailing list.  On that basis, we received feedback
that deployment of this media type would be harmful to the Internet and urged
careful consideration and review.  When clarifying the objection, it was found
that this is not a singular position, and that these concerns were raised
during development of the work by the W3C.

Before continuing with the approval process, the DEs request that the W3C
review the record that was the source of this registration and advise as to
whether the Security Considerations (or equivalent) material in the referenced
specification is true and complete, and that all known concerns have indeed
been properly documented or addressed.  We will hold this registration until a
reply has been received.