In Sec. 7.1 we allow the client to include multiple keys of different formats, provided they are "equivalent".
This doesn't make sense, because the only reason to send multiple keys is that the sender suspects that the recipient doesn't understand one of the formats. But if that's the case, the recipient is not able to validate the MUST requirement that the two formats be equivalent.
This could also lead to interesting key injection attacks.
IMO we should only allow one key value/format for each request.
jricher
commented
2 years ago
In Sec. 7.1 we allow the client to include multiple keys of different formats, provided they are "equivalent".
This doesn't make sense, because the only reason to send multiple keys is that the sender suspects that the recipient doesn't understand one of the formats. But if that's the case, the recipient is not able to validate the MUST requirement that the two formats be equivalent.
This could also lead to interesting key injection attacks.
IMO we should only allow one key value/format for each request.