diff --git a/indispensable-josef/src/commonMain/kotlin/at/asitplus/signum/indispensable/josef/io/Encoding.kt b/indispensable-josef/src/commonMain/kotlin/at/asitplus/signum/indispensable/josef/io/Encoding.kt
index 8060c2b5e..8187ebcc2 100644
--- a/indispensable-josef/src/commonMain/kotlin/at/asitplus/signum/indispensable/josef/io/Encoding.kt
+++ b/indispensable-josef/src/commonMain/kotlin/at/asitplus/signum/indispensable/josef/io/Encoding.kt
@@ -16,6 +16,16 @@ val joseCompliantSerializer by lazy {
         prettyPrint = false
         encodeDefaults = false
         classDiscriminator = "type"
+
+        // TODO: unsure whether this is actually ok:
+        //  When receiving a jwt one cannot just ignore unknown headers:
+        /**
+         * https://datatracker.ietf.org/doc/html/rfc7519
+         *    5.   Verify that the resulting JOSE Header includes only parameters
+         *         and values whose syntax and semantics are both understood and
+         *         supported or that are specified as being ignored when not
+         *         understood.
+         */
         ignoreUnknownKeys = true
     }
 }