stef
commented
11 months ago apologies if this is a bit late, but i just had the thought, the way this is now phrased does not address authorization to replace this record. is there any way the previous record+OPAQUE can be used to provide authorization to this operation?
Under Application Considerations, we are adding some text to describe how a password change should be handled: by rerunning the registration protocol as a fresh instance using the new password.