RE: Does the problem need solving?


There is a large difference between "initialize the path validation parameters" and "can initialize the path validation parameters". I know of no popularly-used system that relies on PKIX certs that allows any initialization of the path validation parameters. I assume that you may know of one or two, but that does not negate what I said above.

What you cite here is evidence of implementations that lack an important management interface component. No disagreement on that. But that does not make PKIX responsible for this missing component.

As an analogy, I note that despite the fact that 4301 and 2401 included an explicit requirement for an SPD management capability, the most widely distributed IPsec implementation did not (and still may not) include that capability. Surely you don't blame IPsec for that, do you :-)?