On Sat, Jul 09, 2022 at 02:03:10PM +0200, Carsten Bormann wrote:
> I think the text in COSE is fine. People just don’t want to read what it
> says…
> Note that there is nothing about kid that would make you believe all matches
> for a kid are “owned by the same party”. That is not even terminology that
> COSE defines...

We even already say "The identifier is not structured and can be anything
from a **user-provided byte string** to a value computed on the public
portion of the key." (emphasis mine). A (malicious) user could clearly
provide a byte string that has already been used by a different user.

-Ben

_______________________________________________
COSE mailing list
https://www.ietf.org/mailman/listinfo/cose
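
The point made in this message, that one kid can match keys belonging to different parties, shown as an added example that is not part of the original email or of any COSE implementation. HMAC-SHA256 stands in for a COSE MAC or signature, and the `KeyStore` class, the role tables, and all names, kids and keys are hypothetical, constructed sample data.

```python
import hashlib
import hmac
from collections import defaultdict

def mac_tag(key: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for a COSE MAC/signature; no COSE encoding is done here.
    return hmac.new(key, payload, hashlib.sha256).digest()

class KeyStore:
    """kid -> every (owner, key) registered under it. kid is a lookup hint only."""
    def __init__(self):
        self._by_kid = defaultdict(list)

    def register(self, owner: str, kid: bytes, key: bytes) -> None:
        # kid is a user-provided byte string, so two owners may pick the same one.
        self._by_kid[kid].append((owner, key))

    def verified_owner(self, kid: bytes, payload: bytes, tag: bytes):
        """Try every key filed under kid; return the owner of the key that verifies."""
        for owner, key in self._by_kid.get(kid, []):
            if hmac.compare_digest(mac_tag(key, payload), tag):
                return owner
        return None

def role_by_kid(store, kid_roles, kid, payload, tag):
    """Flawed: once any key under kid verifies, the role is looked up by kid."""
    if store.verified_owner(kid, payload, tag) is None:
        return None
    return kid_roles.get(kid)

def role_by_key(store, owner_roles, kid, payload, tag):
    """Sound: the role follows the owner of the key that actually verified."""
    owner = store.verified_owner(kid, payload, tag)
    return owner_roles.get(owner) if owner is not None else None

# Constructed sample data (hypothetical names, kids and keys).
STORE = KeyStore()
STORE.register("alice", b"kid-01", b"alice-secret-key")
STORE.register("mallory", b"kid-01", b"mallory-secret-key")  # same kid, different party
KID_ROLES = {b"kid-01": "admin"}  # written when only alice used kid-01
OWNER_ROLES = {"alice": "admin", "mallory": "guest"}
PAYLOAD = b"rotate-config"
ALICE_TAG = mac_tag(b"alice-secret-key", PAYLOAD)
MALLORY_TAG = mac_tag(b"mallory-secret-key", PAYLOAD)

if __name__ == "__main__":
    print(role_by_kid(STORE, KID_ROLES, b"kid-01", PAYLOAD, MALLORY_TAG))
    print(role_by_key(STORE, OWNER_ROLES, b"kid-01", PAYLOAD, MALLORY_TAG))
```

Keying the decision on the verified key rather than on the kid is what keeps a reused kid from carrying another party's privileges.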
