clarify why you would have multiple keys

mlswg · Nov 7, 2023 · ab20078 · ab20078
1 parent d4622d3
commit ab20078
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/draft-ietf-mls-architecture.md b/draft-ietf-mls-architecture.md
@@ -1096,11 +1096,14 @@ deployments for them to interoperate:
 - A policy of how to protect and share the GroupInfo objects needed for
   external joins.
 
-- A policy for when two credentials represent the same client. Note that many
-  credentials may be issued authenticating the same identity but for different
-  signature keys, because each credential corresponds to a different device
-  (client) owned by the same application user. However, one device may control
-  many signature keys but should still only be considered a single client.
+- A policy for when two credentials represent the same client. Note
+  that many credentials may be issued authenticating the same identity
+  but for different signature keys, because each credential
+  corresponds to a different device (client) owned by the same
+  application user. However, one device may control multiple signature
+  keys -- for instance if they have keys corresponding to multiple
+  overlapping time periods -- but should still only be considered a
+  single client.
 
 - A policy on how long to allow a member to stay in a group without updating its
   leaf keys before removing them.