At 9:51 AM -0700 6/28/07, Santosh Chokhani wrote:
Steve and Sharon, I am firmly with Paul. 3280 does not require (albeit does not prohibit) to associate initial values with a trust anchor which is different from associating these with a path validation process. It is one thing to initialize path validation based on application need and another to associated shades of gray with different TAs used by the RP.
Yo are right that 3280 does not say explicitly that one initializes path validation parameters from a TA. But, these values have to come from somewhere, and I think we agree that in general, these parameters may differ for different TAs. That strongly argues for a capability to bundle the basic TA data wit these parameters. The fact that one usually is not provided with a management interface that allows that is a problem we should try to address under the heading of TA management,
Steve