RE: Does the problem need solving?

[Stephen Kent <kent@xxxxxxx>]

At 10:46 AM -0700 6/27/07, Paul Hoffman wrote:
> At 10:28 AM -0700 6/27/07, Santosh Chokhani wrote:
> > I am talking about associating certificate policies with a TA.  I am not
> > talking about managing the certificate policies for a CA or PKI.
> >
> > Associating certificate policies with a TA is very much relying party
> > decision.  The relying party can choose to trust a TA for subset of the
> > policies for a PKI domain.
>
> Quite right. It's hard for those of us who have been swimming in the 
> PKIX waters for so long to remember that the relying party gets to 
> make his/her own decisions and don't have to rely only on what is in 
> a certificate.
>
> --Paul Hoffman, Director
> --VPN Consortium

I'm surprised to hear you say that.

PKIX has always operated in the space where RPs select TAs, and 
initialize the path validation parameters. What aspects of PKIX 
standards do you believe leads folks to think otherwise?

Steve