Subject: Re: [xri] XRD trusted discovery workflow
On Wed, Dec 10, 2008 at 9:29 AM, John Bradley <jbradley@mac.com> wrote:
>
> On 10-Dec-08, at 2:09 PM, Breno de Medeiros wrote:
>
> On Tue, Dec 9, 2008 at 8:35 PM, Dirk Balfanz <balfanz@google.com> wrote:
> > Thanks for putting that up, here are a few comments/questions:
> > - Both in the PKI and in the out-of-band versions the basic verification
> > step seems to go like this: you already have a canonical_id, and you do the
> > following: (1) check that the canonical_id in the XRD document is the same
> > as the canonical_id you're already holding, (2) verify the signature on the
> > document, (3) verify that the key used to sign the document matches the
> > canonical_id in the document. Why bother with the canonical_id in the
> > document in the first place? Why not just (1) verify the signature, and (2)
> > verify that the key used to sign the document matches the canonical_id
> > you're already holding?
>
> Unless the canonical id is used for delegation, it should be optional.
> You could have the case where you arrive at the same document with
> several canonical_ids. For instance, when you resolve a claimed_id
> through /site-meta.
>
> I think the idea is that an XRD can only have one canonical_id; there may be
> multiple URIs that resolve to the XRD but only one can be canonical.

I see.

> I don't know what we are going to do with the EquivID element. In XRI 2.0
> that would be how you would specify non-canonical synonyms for the XRD.
>
> =jbradley

--
--Breno
+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)