Liaison statement
application/vp+sd-jwt media type registration request from W3C

Dear Martin, and experts in general,

The "Securing Verifiable Credentials using JOSE and COSE" specification[1] that
contains the respective media type specifications, as well as the core document
that the JOSE/COSE format relies on, i.e., the "Verifiable Credentials Data
Model v2.0" specification[2], have both been thoroughly reviewed by W3C's
security and privacy groups before publication (as mandated by the W3C
process). The relevant security and privacy considerations have been published
as part of the respective specifications (see [3] and [4] for JOSE/COSE, an [5]
and [6] for VC).

Based on that, we can claim that the security and privacy considerations,
referenced in the specifications, are true and complete, and that all known
concerns have indeed been properly documented or addressed.

I hope this covers your concerns

Sincerely

Ivan Herman
W3C staff contact for the Verifiable Credentials Working Group

[1] https://www.w3.org/TR/vc-jose-cose/
[2] https://www.w3.org/TR/vc-data-model-2.0/
[3] https://www.w3.org/TR/vc-jose-cose/#security-considerations
[4] https://www.w3.org/TR/vc-jose-cose/#privacy-considerations
[5] https://www.w3.org/TR/vc-data-model-2.0/#security-considerations
[6] https://www.w3.org/TR/vc-data-model-2.0/#privacy-considerations