On 07/08/2016 10:09 AM, Richard Barnes wrote: > You missed the part in Karthik's email where he said that both keys > have to sign both keys :) The current structure has a copy/paste > vulnerability. I went ahead fixed this in the current > parallel-signature structure... Good point. I had misunderstood what the signatures we over, and figured they'd cover all protected headers, but looking again this makes sense. I approve of the change to include oldKey / newKey in the body.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
