[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Does the problem need solving?




...

There is a large difference between "initialize the path validation parameters" and "can initialize the path validation parameters". I know of no popularly-used system that relies on PKIX certs that allows any initialization of the path validation parameters. I assume that you may know of one or two, but that does not negate what I said above.

What you cite here is evidence of implementations that lack an important management interface component. No disagreement on that. But that does not make PKIX responsible for this missing component.

As an analogy I note that despite the fact the 4301 and 2401 included an explicit requirement for an SPD management capability, the most widely distributed IPsec implementation did not (and still may not) include that capability. Surely you don't blame IPsec for that, do you :-)?

Steve