Add the following text to section 3.4.
WARNING: The use of a Key ID in a POP CWT needs to be carefully circumcised.
Where the Key ID is not a cryptographic value derived from the key or where
all of the parties involved are not validating the cryptographic derivation,
it is possible to get into si
Should be circumscribed not circumcised although the first does echo my
personal feelings.
Jim
> -Original Message-
> From: Ace On Behalf Of Jim Schaad
> Sent: Wednesday, July 18, 2018 6:13 PM
> To: ace@ietf.org
> Subject: [Ace] Text for KID in POP
>
> Add