pub fn attachment_identity_basis(
ox: Option<&str>,
nonce: &str,
url: &str,
) -> StringExpand description
Identity basis for a RECEIVED attachment: the sender’s ox (plaintext
hash) when provided — it’s what enables honest cross-message dedup — else
a digest of nonce+url. Never the raw nonce: senders can and do reuse
nonces, which cross-bound DIFFERENT files to one identity (the “new image
renders as an old one” class). The upload URL is unique per ciphertext,
so the digest is collision-resistant even against nonce reuse. Nothing
honest ever writes a file under the digest name, so existence of one is
never proof of download — reuse decisions stay with the content-verified
download path.