From d0af966fde28636d12d7f6918e485e9f38173763 Mon Sep 17 00:00:00 2001 From: Christopher Wood Date: Thu, 21 Sep 2023 17:58:12 -0400 Subject: [PATCH] Update draft-ietf-privacypass-protocol.md Co-authored-by: Tommy Pauly --- draft-ietf-privacypass-protocol.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-privacypass-protocol.md b/draft-ietf-privacypass-protocol.md index 59547a24..9aaa7e8f 100644 --- a/draft-ietf-privacypass-protocol.md +++ b/draft-ietf-privacypass-protocol.md @@ -179,8 +179,8 @@ Beyond staging keys with the "not-before" value, Issuers MAY advertise multiple Issuers indicate preference for which token key to use based on the order of keys in the list, with preference given to keys earlier in the list. Clients SHOULD use the first key in the "token-keys" list that either does not have a -"not-before" value or has a "not-before" value in the past, as this key is most -likely to be valid in the given time window. Origins can attempt +"not-before" value or has a "not-before" value in the past, since the first such key is the +most likely to be valid in the given time window. Origins can attempt to use any key in the "token-keys" list to verify tokens, starting with the most preferred key in the list. Trial verification like this can help deal with Client clock skew.
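Review bot: The reworded Client rule in the added lines ("since the first such key is the most likely to be valid in the given time window") still does not say what a Client does when every entry in the "token-keys" list has a "not-before" value in the future. The SHOULD only covers the case where a qualifying key exists, so consider adding a sentence that states the expected behavior when none does, whether that is failing the request or falling back to some other key. It would also help to note that "in the past" is judged against the Client's own clock, because the context lines address Client clock skew only on the Origin side, through trial verification. As a style point, the first added line runs well past the wrap width of the surrounding context lines; re-wrapping the paragraph would keep the draft source consistent.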