2021-07-10 UTC
# Zegnat Reading the iss draft now, those mix-up attacks were what I was thinking of wrt having multiple resources specified when sending a ticket. Trying to trick a client to leak its token to a resource I control. Just could not actually come up with a scenario that would sufficiently trick a client