vc-jose-cose cannot restrict use of specific JWT Claim Names "in any JWT Claim Set"

[TallTed]

Originally posted by @TallTed in #304 (comment)

Is this accurate? We're restricting use of JWT Claim Names vc and vp in any JWT Claim Set, even a JWT Claim Set that does not encode a Verifiable Credential or Verifiable Presentation?

[decentralgabe]

line in question https://github.com/w3c/vc-jose-cose/blob/main/index.html#L607

[TallTed]

The text that was problematic:

                  The JWT Claim Names <code>vc</code> and <code>vp</code>
                  MUST NOT be present in any JWT Claim Set.

— has been changed to this —

                  The JWT Claim Names <code>vc</code> and <code>vp</code>
                  MUST NOT be present.

My immediate issue has been mostly resolved (better text might be more explicit about when/where these JWT Claim Names are forbidden), but I am VERY concerned that there's no commit showing the change in the commit history!

[decentralgabe]

this is the commit 41b73cc#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051L287

[TallTed]

That commit changed —

            The JWT Claim Names <code>vc</code> and <code>vp</code>
            MUST NOT be present in any JWT Claims Set that comprises a
            Verifiable Credential or a Verifiable Presentation.

— to —

                  The JWT Claim Names <code>vc</code> and <code>vp</code>
                  MUST NOT be present in any JWT Claim Set.

The missing commit changed present in any JWT Claim Set. to present. as is currently in the main branch.

Wormholes and alternate realities are bad.

[decentralgabe]

@TallTed I believe I found the commit here 5e36a96#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R410

I agree this was tough to find because of squash merging, which I've disabled.

[TallTed]

As noted on #307, that fixes line ~318.

There were two other similarly-phrased paragraphs, at line ~607 and ~1179, which I found by viewing this file on the main branch, and searching for MUST NOT be present.

(Something else changed while I was doing the above, as ~1179 is no longer present, but ~607 still remains.)

I remain concerned about other changes that may have been made, and then un-made by other squash merges, without being noticed because they're not on spots that have been brought to light by specific review.