I noticed that on page 31 of the current ePrint version that, if a user processes a commit that removes them, the algorithm does not seem to function correctly (Proc-CM, Figure 8). That is, as far as I can tell, the removed user will then execute PP(…) and *roster-pos(…) (whose behaviour is undefined here) and so on, rather than returning. Pretty minor in the scheme of things (the paper is very long!)

Edit: This seems also to be the case for the R/TreeKEM algorithm specifications. It seems that processing removals is dealt with properly in the SGM/CGKA security definitions (the semantics are such that the ‘new’ state of the group is output as GI even when removed but the caller’s state should become ‘useless’). Maybe I am missing something.