Stephen Farrell wrote:
But if the delegator delegated its private key, or if the signer
supplied its public key to the delegator, then the buck might get
moved between them (from their, and not the verifier, perspective),
depending on the details of how the key delegation happened.
For example, if there is >1 copy of the private key, then, in
buck passing terms, we just don't know which signer signed.
I hope that we're not getting wrapped around the axle about this.
As Dave mentioned from our conversation, enrollment of public
keys as an alternative method doesn't suffer from this problem, but
is otherwise the same. That is, s/private/public/g.
NOTE WELL: This list operates according to