[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does the problem need solving?




At 8:01 PM -0400 6/27/07, Michael Richardson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 "Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
    >> I am talking about associating certificate policies with a TA.  I
    >> am not talking about managing the certificate policies for a CA
    >> or PKI.
    >>
    >> Associating certificate policies with a TA is very much relying
    >> party decision.  The relying party can choose to trust a TA for
    >> subset of the policies for a PKI domain.

    Paul> Quite right. It's hard for those of us who have been swimming
    Paul> in the PKIX waters for so long to remember that the relying
    Paul> party gets to make his/her own decisions and don't have to
    Paul> rely only on what is in a certificate.

  That's why reviewing the SPKI stuff is important.
  SPKI is about this realization.
  Only the relying party can make this decision.

Sorry, Michael, but I believe Paul wrong in his assertion. Maybe folks who have been brainwashed by VeriSign think differently, but PKIX has always operated in a space where configuration of a TA is up to the RP.

Steve