From 01f5d2f2115ee3a9179e9c49761e47c18e9ea875bae5529b2cd49554783cde90 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Tue, 4 Mar 2025 19:36:45 +0300
Subject: [PATCH] Optional /id

---
 spec/cm/encrypted.cddl | 2 +-
 spec/cm/encrypted.texi | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/spec/cm/encrypted.cddl b/spec/cm/encrypted.cddl
index 4a888d7..ddc4d91 100644
--- a/spec/cm/encrypted.cddl
+++ b/spec/cm/encrypted.cddl
@@ -1,5 +1,5 @@
 cm-encrypted = {
-    id: uuid,
+    ? id: uuid,
     dem: dem,
     kem: [+ kem],
     ? payload: bytes,
diff --git a/spec/cm/encrypted.texi b/spec/cm/encrypted.texi
index 5c5c957..3744d6b 100644
--- a/spec/cm/encrypted.texi
+++ b/spec/cm/encrypted.texi
@@ -47,8 +47,9 @@ If KEM uses public-key based cryptography, then recipient's
 signatures at all. Optional @code{/kem/*/to}, public key's fingerprint,
 may provide a hint to quickly search for the key on the recipient's side.
 
-@code{/id} is used in KEMs for domain separation. UUIDv4 is recommended.
-Can be null for privacy reasons.
+Optional @code{/id} is used in KEMs for domain separation and envelope
+identification. UUIDv4 is recommended. If absent, then null UUID is used
+in KDF.
 
 @node Key wrapping
 @cindex key wrapping
-- 
2.48.1