-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Paul" == Paul Hoffman <paul.hoffman@xxxxxxxx> writes:
>> I am talking about associating certificate policies with a TA. I
>> am not talking about managing the certificate policies for a CA
>> or PKI.
>>
>> Associating certificate policies with a TA is very much relying
>> party decision. The relying party can choose to trust a TA for
>> subset of the policies for a PKI domain.
Paul> Quite right. It's hard for those of us who have been swimming
Paul> in the PKIX waters for so long to remember that the relying
Paul> party gets to make his/her own decisions and don't have to
Paul> rely only on what is in a certificate.
That's why reviewing the SPKI stuff is important.
SPKI is about this realization.
Only the relying party can make this decision.