w3c · decentralgabe · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
diff --git a/index.html b/index.html
@@ -437,6 +437,8 @@ <h2 id="securing-with-jose">Securing JSON-LD Verifiable Credentials
             <code>vc</code>. 
             The <code>cty</code> header parameter value can be used to differentiate
             between secured content of different types when using <code>vc+jwt</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC7515#section-4.1">Registered Header Parameter Names</a>
             for additional details regarding usage of <code>typ</code> and <code>cty</code>.
           </p>
@@ -501,6 +503,8 @@ <h2 id="securing-vps-with-jose">Securing JSON-LD
             <code>vp</code>.
             The <code>cty</code> header parameter value can be used to differentiate
             between secured content of different types when using <code>vp+jwt</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC7515#section-4.1">Registered Header Parameter Names</a>
             for additional details regarding usage of <code>typ</code> and <code>cty</code>.
           </p>
@@ -668,6 +672,8 @@ <h2 id="securing-with-sd-jwt">Securing JSON-LD Verifiable Credentials with SD-JW
             When present, the <code>cty</code> header parameter SHOULD be <code>vc</code>.
             The <code>cty</code> header parameter value can be used to differentiate 
             between secured content of different types when using <code>vc+sd-jwt</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC7515#section-4.1">Registered Header Parameter Names</a>
             for additional details regarding usage of <code>typ</code> and <code>cty</code>.
           </p>
@@ -740,6 +746,8 @@ <h2 id="securing-vps-sd-jwt">Securing JSON-LD Verifiable Presentations with SD-J
             When present, the <code>cty</code> header parameter SHOULD be <code>vp</code>.
             The <code>cty</code> header parameter value can be used to differentiate
             between secured content of different types when using <code>vp+sd-jwt</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC7515#section-4.1">Registered Header Parameter Names</a>
             for additional details regarding usage of <code>typ</code> and <code>cty</code>.
           </p>
@@ -846,14 +854,12 @@ <h2 id="securing-vcs-with-cose">Securing JSON-LD
             The unsecured [=verifiable credential=] is the unencoded COSE_Sign1 payload.
           </p>
           <p>
-            The <code>typ</code> header parameter, as described in
+            The <code>typ (16)</code> header parameter, as described in
             <a data-cite="RFC9596#section-2">COSE "typ" (type) Header Parameter</a>,
             SHOULD be <code>application/vc+cose</code>.
-            When present, the <code>content type (3)</code> header parameter
-            SHOULD be <code>application/vc</code>.
-            The <code>content type (3)</code> header parameter value can be used
-            to differentiate between secured content of different types when using
-            <code>application/vc+cose</code>.
+            The <code>content type (3)</code> header parameter SHOULD be <code>application/vc</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC9052#section-3.1">Common COSE Header Parameters</a>
             for additional details.
           </p>
@@ -918,10 +924,15 @@ <h2 id="securing-vps-with-cose">Securing JSON-LD Verifiable Presentations with C
             The unsecured [=verifiable presentation=] is the unencoded COSE_Sign1 payload.
           </p>
           <p>
-            The <code>typ</code> header parameter SHOULD be <code>application/vp+cose</code>.
-            When present, the <code>content type (3)</code> header parameter SHOULD be <code>application/vp</code>.
-            The <code>content type (3)</code> header parameter value can be used to differentiate
-            between secured content of different types when using <code>application/vp+cose</code>.
+            The <code>typ (16)</code> header parameter, as described in
+            <a data-cite="RFC9596#section-2">COSE "typ" (type) Header Parameter</a>,
+            SHOULD be <code>application/vp+cose</code>.
+            The <code>content type (3)</code> header parameter SHOULD be <code>application/vp</code>.
+            The <code>content type</code> header parameter value can be used
+            to differentiate between secured content of different types when using
+            <code>application/vp+cose</code>.
+            The <code>content type</code> header parameter is optional, and can be used
+            to express a more specific media type than <code>application/vc</code> when one is available.
             See <a data-cite="RFC9052#section-3.1">Common COSE Header Parameters</a>
             for additional details.
           </p>