From 8c8811c13882d42777ca6de04164434a756413c6 Mon Sep 17 00:00:00 2001 From: Yaron Sheffer Date: Sun, 13 Oct 2024 19:10:54 +0300 Subject: [PATCH] Update draft-ietf-wimse-s2s-protocol.md Co-authored-by: jsalowey --- draft-ietf-wimse-s2s-protocol.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/draft-ietf-wimse-s2s-protocol.md b/draft-ietf-wimse-s2s-protocol.md index ee6cf9b..af058d3 100644 --- a/draft-ietf-wimse-s2s-protocol.md +++ b/draft-ietf-wimse-s2s-protocol.md @@ -519,7 +519,10 @@ and/or in specific deployment scenarios. - In general, Message Signatures provide greater flexibility compared to the DPoP-inspired approach. The draft (and subsequent implementations) can decide whether specific aspects of message signing, such as coverage of particular fields, -should be mandatory or optional. +should be mandatory or optional. Covering more fields will constrain the proof +so it cannot be easily reused in another context, which is often a security improvement. The DPoP inspired approach could +be designed to include extensibility to sign other fields, but this makes it closer to +trying to reinvent message signatures. # Using Mutual TLS for Service To Service Authentication {#mutual-tls}
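Review bot: the added sentence "Covering more fields will constrain the proof so it cannot be easily reused in another context, which is often a security improvement." hedges with "often" but never says when wider coverage is not an improvement, which leaves the reader without the trade-off the draft is supposed to help implementers weigh; either drop the hedge or add the half-sentence that explains it (for example, that a signed field whose value can legitimately change between signer and verifier will cause the signature to fail to verify, so coverage has to be chosen per field rather than simply maximized). Also, "The DPoP inspired approach" in the same hunk is inconsistent with "the DPoP-inspired approach" two lines earlier in the unchanged context; hyphenate it. Finally, the line "so it cannot be easily reused in another context, which is often a security improvement. The DPoP inspired approach could" runs well past the width of the surrounding lines; rewrap it to match the rest of the paragraph.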