Open LudwigSeitz opened 5 years ago
Note this text in the previous paragraph:
For asymmetric keys, the Key ID value is normally going to be generated by the CWT recipient, thus the possibility of collisions is greater.
This also seems wrong ...
I think this whole bullet list is underspecified. Mike, git blame seems to indicate you wrote this, can you have a look?
Specifically I don't quite understand how the recipient would set a key ID for a presenter's key and communicate this information to the issuer and the presenter.
In PR #27 I deleted the respective text. While it may be that there are some corner cases where a recipient rejects the communication attempts from the presenter those are failure cases because state got out of sync. If that's true then a new protocol exchange is needed. I am not sure we need to describe those unless we want to create a specific status code in a protocol for it; this document would then be the wrong place to do so...
Discussion from Ben's review:
It's not entirely clear to me that we need to add more text here, but if we did, it would focus on what "decide not to use" means at a protocol level, and perhaps how the CWT might not "fit the recipient's requirements" (e.g., the key id having fallen out of cache as you describe).