kevinlewi
commented
1 year ago The first statement is really just intended to refer to the flexibility that we give to an implementor to not use the same seed for all clients. For instance, they could choose to use a unique seed per client (but of course that seed needs to stay the same between registration and login). I added a sentence which should hopefully help to clarify this in #427
chris-wood
https://github.com/cfrg/draft-irtf-cfrg-opaque/blob/66834054528d1daf4f68d730fb95c15d625006d0/draft-irtf-cfrg-opaque.md?plain=1#L487-L489
https://github.com/cfrg/draft-irtf-cfrg-opaque/blob/66834054528d1daf4f68d730fb95c15d625006d0/draft-irtf-cfrg-opaque.md?plain=1#L792-L793
It says "SHOULD", so I guess it might not actually conflict, but maybe the first statement should link to the second statement.