Forbid MAC algorithms and `none`

Right now Section 11.2.1 allows any algorithms in the JWA or LDP Cryptographic Suite registries to be used in the proof of possession provided by the client in a credential request. These registries include MAC algorithms as well as the infamous none algorithm. Neither of these types of algorithm are suitable for authenticating the Holder of a credential. This section should require that the algorithms indicated are digital signature algorithms, not MAC algorithms or none.

Comments (2)