You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
§2.3.1 Identifying the RC Instance: Editor's note:
It seems clear that an instance identifier is mutually exclusive with most of the fields in the request (eg, we don't want an attacker being able to swap out a client's registered key just by accessing the identifier). However, some proposed concepts might fit alongside an instance identifier that change at runtime, such as device posture or another dynamic attestation. Should these be sent in the "client" block alongside the instance identifier, should there be a separate top-level block for runtime attestations, or some other mechanism?
The text was updated successfully, but these errors were encountered:
§2.3.1 Identifying the RC Instance: Editor's note:
It seems clear that an instance identifier is mutually exclusive with most of the fields in the request (eg, we don't want an attacker being able to swap out a client's registered key just by accessing the identifier). However, some proposed concepts might fit alongside an instance identifier that change at runtime, such as device posture or another dynamic attestation. Should these be sent in the "client" block alongside the instance identifier, should there be a separate top-level block for runtime attestations, or some other mechanism?
The text was updated successfully, but these errors were encountered: