From dc0e291518b1a59ed7b74d7eebb828e283b1a6d0 Mon Sep 17 00:00:00 2001
From: Matthieu Bosquet <matthieu@cognithive.com>
Date: Fri, 30 Jul 2021 17:26:05 +0100
Subject: [PATCH] Clarify verifiable claims TLS requirement.

---
 index.bs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/index.bs b/index.bs
index 6160a23..6616292 100644
--- a/index.bs
+++ b/index.bs
@@ -455,6 +455,8 @@ specification.
 
 All tokens, Client, and User credentials MUST only be transmitted over TLS.
 
+All resources required to verify claims: Issuer, WebID and Client WebID; MUST only be transmitted over TLS.
+
 ## Client IDs ## {#security-client-ids}
 
 An RS SHOULD assign a fixed set of low trust policies to any client identified as anonymous.