Otherwise, you face the possibility not only of having completely new fraudulent credentials but even of, for example, if credentials are updated and attributes are renamed, you might be able to exploit that to use an old credential that has an old name that corresponds to a new attribute name, that means something else. This could cause a lot of problems.