The Attester MAY also add additional context information, but MUST NOT add information that will uniquely identify a Client.
This sentence does not seem to prevent an attester to reduce the anonymity pool to (for example) 2 users, as they would not “add information that will uniquely identity a Client”.
What kind of additional context would be allowed? Do we need such additional context?
If yes, is there a way to be more prescriptive in the wording to ensure that the above “attack” on the size of the anonymity is not doable?
Section 5.4 says
This sentence does not seem to prevent an attester to reduce the anonymity pool to (for example) 2 users, as they would not “add information that will uniquely identity a Client”.