Clarifying the use of multiple client seeds

cfrg · Oct 4, 2023 · 46f5816 · 46f5816
1 parent 6683405
commit 46f5816
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/draft-irtf-cfrg-opaque.md b/draft-irtf-cfrg-opaque.md
@@ -485,8 +485,10 @@ protocol; see {{configurations}} for details.
 The server chooses a pair of keys (`server_private_key` and `server_public_key`)
 for the AKE, and chooses a seed (`oprf_seed`) of `Nh` bytes for the OPRF.
 The server can use `server_private_key` and `server_public_key` with multiple
-clients and can opt to use multiple seeds (so long as they are kept consistent for
-each client).
+clients. The server can also opt to use different seeds for each client,
+so long as they are maintained across the registration and online AKE stages, and
+kept consistent for each client (since an inconsistent mapping of clients to seeds
+could leak information as described in {{preventing-client-enumeration}}).
 
 ## Offline Registration