On 2022-07-09, at 19:39, Anders Rundgren <[email protected]> wrote: > > To me the I-D text is utter nonsense; nobody (in their right mind...) would > use the same identifier for multiple keys.
Of course. The attacker would. But, more generally, creating globally unique (including over time) identifiers is not that easy. > Since this (obviously) is not apparent, I immediately updated my "COSE > challenger" docs to indeed require uniqueness: > https://cyberphone.github.io/javaapi/org/webpki/cbor/doc-files/signatures.html#parameters When people say “uniqueness”, they usually have a set of separate cases in mind to each of which the uniqueness applies; I have no idea what yours is. In LAKE, we may want to use the kids h’’, h’00’ etc. a lot, because they have favorable transport representations. Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
