RFC9162 defines merkle trees with some assumptions which might not map well to selective disclosure.
This spec defines merkle trees based on basicaly the "bitcoin / bittorrent" construction + some deterministic salting algorithm.
The binary aspecs of merkle trees and paths are a blocker for all higher order constructs that rely on them.
We need to gain more confidence that a new structure needs to be defined (current path) or find an existing structure we can endorse (what we wish RFC9162 was).
We basically need to split this out into a separate spec, that just describes encoding BMT proofs... and does not cover anything related to JWP for signing a merkle root.
RFC9162 defines merkle trees with some assumptions which might not map well to selective disclosure.
This spec defines merkle trees based on basicaly the "bitcoin / bittorrent" construction + some deterministic salting algorithm.
The binary aspecs of merkle trees and paths are a blocker for all higher order constructs that rely on them.
We need to gain more confidence that a new structure needs to be defined (current path) or find an existing structure we can endorse (what we wish RFC9162 was).