I've confirmed that the effect of signed token revocation is reversed when the token is expires (as envisaged in the previous comment).
IMO this should be reflected in the impact description, e.g. by adding the line:
"The effect of signed token revocation is also reversed when the token expires, in the sense that a revoked token is once again treated as being valid."
I've confirmed that the effect of signed token revocation is reversed when the token is expires (as envisaged in the previous comment).
IMO this should be reflected in the impact description, e.g. by adding the line:
"The effect of signed token revocation is also reversed when the token expires, in the sense that a revoked token is once again treated as being valid."