The specification states:

Keyset ID = SHA-256(sorted pubkeys).

To clarify the sorting method:
• The sorting is lexicographical ascending order based on the raw byte representation of each public key.
• This means each public key is treated as a byte string and sorted from lowest to highest byte value, byte-by-byte.
• No Merkle tree or other data structure is involved in the sorting itself; the pubkeys are simply sorted as a list before concatenation and hashing.
• After sorting, the pubkeys are concatenated in that order, and the SHA-256 hash is computed over the entire concatenated byte sequence to produce the Keyset ID.

If the spec text doesn’t explicitly say this, it might be worth adding a short normative clarification for implementers.

Also, this is at least my own interpretation. I may be mistaken and am open to feedback on this.

This is something we need to work on. The current spec doesn't specify the sort, that's a gap. I'll get on it.