This MR does the following:
- Adds a new lemma
to_agree_includedN - Generalizes
auth_update_core_idto only require a fractional authority.
A few remarks/potential points of discussion:
- I've removed the lemma
core_id_local_update. It can't be used to prove the generalizedauth_update_core_idand it doesn't seem useful for anything else. - Instead of changing
auth_update_core_idone could instead have added a new lemma. That would be consistent withauth_both_opandauth_both_frac_op. But, to me it seems like such a simple generalization/specialization is not worth two lemmas. - The proof of
auth_update_core_idcontains a bit of duplication in the two branches. I was not able to cut down on it (my attempts only resulted in larger proofs), but maybe someone else can😄