Fix spec to specify that "look up signing keys" returns the six most recent non-expired keys (or three for PMBTokens).

Question

Fix spec to specify that "look up signing keys" returns the six most recent non-expired keys (or three for PMBTokens).

dvorak42 opened this issue a year ago · 1 comments

signingKey should generally refer to a set of keys, except for insert token (which should bind to the specific key that the token was issued against).

Answer 1 · 2023-05-31T15:12:53.000Z

Define the specific algorithm for selecting the 6 non-expired keys (sort by expiry and then by raw byte ordering).