Hiya, On 15/04/2019 14:16, mohamed.boucadair@xxxxxxxxxx wrote: >> - p13: The cuid still seems to me to be too static (there's a > > [Med] This is a feature not a bug. This scheme is particularly useful > to recover state, for example, upon reboot or crash of a DOTS client. > Well, fair enough, but FWIW I'm not convinced that a client that can keep state (the private key and other dots stuff) couldn't also as easily keep a cuid value. And ISTM there should also be equally good ways to recommend for generating a cuid that don't have that 1:1 mapping to a key pair. All that said, it's not me needs to be convinced, but the IESG, so probably best to wait and see if they think this is worth changing or not before doing so. S.
Attachment:
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
