Note: We omitted the algorithm and the public key from this object because they have security implications:
algorithm: Can be misused by an attacker - the public key was generated for a specific algorithm, so if different
algorithms shall be supported, then the algorithm needs to be paired with the public key
public key: Developers might think, that it is enough to test the signature against the public key stored here.
But the key is not trustworthy, until cleared by the key- / identity management.
Drawback is, that you need to test all available keys for this identity, because you do not know
which key was used. This can be made better by a hint (giving keys unique ids and using this id here
instead of storing the whole public key)
The issuer is also not trustworthy, until you checked the signature and know that the person uses this key. We could
also omit the issuer, but then we would need to test all known keys of all persons and this would take too much time.
Represents a digital signature.
Note: We omitted the algorithm and the public key from this object because they have security implications: