From 69c64655883316a1772dc482a36d7dc78a603b89 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 27 Nov 2023 17:15:36 +1300 Subject: [PATCH] fix: made did resolution language more relaxed --- draft-ietf-oauth-sd-jwt-vc.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/draft-ietf-oauth-sd-jwt-vc.md b/draft-ietf-oauth-sd-jwt-vc.md index fce1b5b0..79b95971 100644 --- a/draft-ietf-oauth-sd-jwt-vc.md +++ b/draft-ietf-oauth-sd-jwt-vc.md @@ -328,10 +328,7 @@ verification key for the Issuer-signed JWT: - JWT Issuer Metadata: If the `iss` value contains an HTTPS URI, the recipient MUST obtain the public key using JWT Issuer Metadata as defined in (#jwt-issuer-metadata). -- DID Document Resolution: If the `iss` value contains a DID [@W3C.DID], the recipient MUST retrieve -the public key from the DID Document resolved from the DID in the `iss` value. -In this case, if the `kid` JWT header parameter is present, the `kid` MUST be a relative or absolute -DID URL of the DID in the `iss` value, identifying the public key. +- DID Document Resolution: If the `iss` value contains a DID [@W3C.DID], the recipient SHOULD retrieve the public key from the DID Document resolved from the DID in the `iss` value. In this case, if the `kid` JWT header parameter is present, the `kid` MUST be a relative or absolute DID URL of the DID in the `iss` value, identifying the public key. Support for DID Document Resolution is OPTIONAL. - X.509 Certificates: The recipient MUST obtain the public key from the leaf X.509 certificate defined by the `x5c`, `x5c`, or `x5t` JWT header parameters of the Issuer-signed JWT and validate the X.509 certificate chain in the following cases:
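Review bot: In the rewritten "DID Document Resolution" bullet, downgrading "MUST retrieve the public key from the DID Document" to "SHOULD retrieve" leaves the key source unspecified for a recipient that accepts a DID in `iss` but takes the SHOULD as permission to get the key elsewhere, which loosens the binding between `iss` and the verification key. The sentence "Support for DID Document Resolution is OPTIONAL" already makes the mechanism optional, so the requirement can stay strict and be conditioned on support instead, for example "If the recipient supports DID Document Resolution and the `iss` value contains a DID, the recipient MUST retrieve the public key from the DID Document resolved from the DID in the `iss` value." The bullet should also say what a recipient that does not support DID resolution does when `iss` contains a DID; rejecting the SD-JWT VC is the safe default and is worth stating explicitly. Two smaller points: the new bullet is a single long line where the removed text was wrapped like the rest of the file, and the trailing context line lists "`x5c`, `x5c`, or `x5t`", which repeats `x5c` and looks like a typo to fix in a follow-up.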