Correct. The keys are only used for signing JWTs. Trust was established with the vendor out of band from this wire protocol (the URL they scan for public keys).

▲

SahAssar 2 days ago | parent [-]

I'm not sure I understand, but haven't you just moved the problem to the out of band layer? And is that layer not secured using the same normal (somewhat) long-lived TLS as most sites?

I don't think I understand the threat model you are using here?

	▲	bob1029 2 days ago \| parent [-]
		Think of the out of band layer as two human executives exchanging URLs and GUIDs in person. You still need a secure transport, but in this model the thing that is being secured on the wire expires within 15 minutes. The only way to break the model is to defeat a transport or protocol key and only before rotation, revocation and expiration can catch up each time.