On Fri, Jun 22, 2018 at 08:48:35PM +0000, Mike Jones wrote:
> See my note just now proposing this text to Jim:
>
> "Likewise, if PoP keys are used for multiple different kinds of CWTs in an
> application and the PoP keys are identified by Key IDs, care must be taken to
> keep the keys for the different kinds of CWTs segregated so that an attacker
> cannot cause the wrong PoP key to be used by using a valid Key ID for the
> wrong kind of CWT."
>
> As long as the PoP keys for different contexts are kept segregated, Key ID
> collisions or reuse cause no problems.

If we trust everyone to implement things properly.  We should probably only
take that risk if we get some other benefit from it, though.  Jim mentioned
(off-list?) a scenario involving giving the same client additional
privileges, and of course we can gain some simplicity savings if we don't
need to enforce global key-id uniqueness (for appropriate values of
"global").  So this may well be the right thing to do; I just don't think
it's without tradeoffs as your text seems to imply.

-Ben
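
The segregation discussed in this message, as an added example that is not part of the original thread or of any ACE draft: a key store indexed by Key ID alone lets a colliding Key ID from another kind of CWT supply the PoP key, while one indexed by (CWT kind, Key ID) does not. The CWT kind names, the keys and the HMAC challenge-response standing in for proof of possession are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: two hypothetical CWT kinds that reuse Key ID 0x01.
ACCESS, SESSION = "access-token", "session-token"
K_ACCESS = b"constructed-access-pop-key-0001"
K_SESSION = b"constructed-session-pop-key-001"

class FlatKeyStore:
    """Indexed by Key ID only: a colliding Key ID replaces the earlier key."""
    def __init__(self):
        self._keys = {}
    def register(self, kind, kid, key):
        self._keys[kid] = key              # the CWT kind is ignored
    def lookup(self, kind, kid):
        return self._keys.get(kid)

class SegregatedKeyStore:
    """Indexed by (CWT kind, Key ID): a Key ID resolves only within its kind."""
    def __init__(self):
        self._keys = {}
    def register(self, kind, kid, key):
        if (kind, kid) in self._keys:
            raise ValueError("duplicate Key ID within one CWT kind")
        self._keys[(kind, kid)] = key
    def lookup(self, kind, kid):
        return self._keys.get((kind, kid))

def prove(key, challenge):
    # Assumption: an HMAC over a challenge stands in for the real PoP mechanism.
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify_pop(store, kind, kid, challenge, proof):
    key = store.lookup(kind, kid)
    return key is not None and hmac.compare_digest(prove(key, challenge), proof)

def demo():
    """Present a session-key proof where an access-token PoP key is expected."""
    kid, challenge = b"\x01", b"constructed-nonce"
    results = {}
    for name, store in (("flat", FlatKeyStore()), ("segregated", SegregatedKeyStore())):
        store.register(ACCESS, kid, K_ACCESS)
        store.register(SESSION, kid, K_SESSION)
        proof = prove(K_SESSION, challenge)   # wrong kind of key, same Key ID
        results[name] = verify_pop(store, ACCESS, kid, challenge, proof)
    return results

if __name__ == "__main__":
    print(demo())
```

The flat store accepts the proof made with the wrong kind of key; the segregated store rejects it while still tolerating the Key ID reuse.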