Re: Does the problem need solving?
At 8:01 PM -0400 6/27/07, Michael Richardson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
"Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
>> I am talking about associating certificate policies with a TA. I
>> am not talking about managing the certificate policies for a CA
>> or PKI.
>> Associating certificate policies with a TA is very much a relying
>> party decision. The relying party can choose to trust a TA for
>> a subset of the policies for a PKI domain.
Paul> Quite right. It's hard for those of us who have been swimming
Paul> in the PKIX waters for so long to remember that the relying
Paul> party gets to make his/her own decisions and doesn't have to
Paul> rely only on what is in a certificate.
That's why reviewing the SPKI stuff is important.
SPKI is about this realization.
Only the relying party can make this decision.
Sorry, Michael, but I believe Paul is wrong in his assertion. Maybe
folks who have been brainwashed by VeriSign think differently, but
PKIX has always operated in a space where configuration of a TA is up
to the RP.
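
The relying-party decision discussed in this thread, as an added example (not written by any poster and not PKIX code): a local trust store that accepts each TA only for a chosen subset of certificate policies. The TA names, the 2.999 example OIDs and the function names are assumptions, and policy processing is simplified (no policy mappings, no inhibitAnyPolicy).

```python
# Added illustration; TA names and policy OIDs are constructed
# (2.999 is the OID arc reserved for examples).
ANY_POLICY = "2.5.29.32.0"            # anyPolicy OID
MEDIUM, HIGH = "2.999.1.1", "2.999.1.2"

# RP-local configuration: TA name -> policy OIDs this RP accepts under that TA.
# None means the RP places no policy restriction on that TA.
RP_TRUST_STORE = {
    "CN=Example Root A": {MEDIUM},    # trusted for a subset of the PKI's policies
    "CN=Example Root B": None,
}

def path_policies(cert_policy_sets):
    """Policies that hold along the whole path.

    cert_policy_sets lists the policy OIDs asserted by each certificate,
    ordered from the CA certificate below the TA down to the end entity.
    """
    valid = {ANY_POLICY}
    for asserted in cert_policy_sets:
        if not asserted:
            return set()              # a certificate with no policies ends them all
        if ANY_POLICY in asserted:
            continue                  # anyPolicy keeps whatever is valid so far
        valid = set(asserted) if ANY_POLICY in valid else valid & asserted
    return valid

def rp_accepts(ta_name, cert_policy_sets):
    """True if this RP trusts the TA for at least one policy valid on the path."""
    if ta_name not in RP_TRUST_STORE:
        return False                  # not a TA this RP configured
    allowed = RP_TRUST_STORE[ta_name]
    if allowed is None:
        return True                   # RP trusts this TA regardless of policy
    valid = path_policies(cert_policy_sets)
    return ANY_POLICY in valid or bool(valid & allowed)

if __name__ == "__main__":
    path = [{MEDIUM, HIGH}, {HIGH}]   # constructed path asserting only HIGH at the end
    for ta in RP_TRUST_STORE:
        print(ta, "->", rp_accepts(ta, path))
```

The same path is rejected under Root A and accepted under Root B, although nothing in the certificates differs: the outcome comes from the RP's own configuration.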