OASIS Mailing List Archives
xri message



Subject: Re: [xri] XRD trusted discovery workflow


On Wed, Dec 10, 2008 at 9:29 AM, John Bradley <jbradley@mac.com> wrote:
>
> On 10-Dec-08, at 2:09 PM, Breno de Medeiros wrote:
>
> On Tue, Dec 9, 2008 at 8:35 PM, Dirk Balfanz <balfanz@google.com> wrote:
>
> Thanks for putting that up, here are a few comments/questions:
>
> - Both in the PKI and in the out-of-band versions the basic verification
> step seems to go like this: you already have a canonical_id, and you do the
> following: (1) check that the canonical_id in the XRD document is the same
> as the canonical_id you're already holding, (2) verify the signature on the
> document, (3) verify that the key used to sign the document matches the
> canonical_id in the document. Why bother with the canonical_id in the
> document in the first place? Why not just (1) verify the signature, and (2)
> verify that the key used to sign the document matches the canonical_id
> you're already holding?
>
> Unless the canonical id is used for delegation, it should be optional.
> You could have the case where you arrive at the same document with
> several canonical_ids. For instance, when you resolve a claimed_id
> through /site-meta.
>
> I think the idea is that an XRD can only have one canonical_id; there may be
> multiple URIs that resolve to the XRD, but only one can be canonical.

I see.


> I don't know what we are going to do with the EquivID element. In XRI 2.0
> that would be how you would specify non-canonical synonyms for the XRD.
>
> =jbradley



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
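
The two verification orders compared in this thread, run side by side as an added sketch (not code from any poster or from the XRI TC). Assumptions: an HMAC key from a constructed out-of-band table stands in for the signing key and its binding to an identifier, and the record layout, identifiers and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed out-of-band table: identifier -> key bound to it. An HMAC key
# stands in for a signing key so the sketch runs on the standard library.
KEYS = {
    "https://example.com/alice": b"alice-demo-key",
    "https://alice.example.org/": b"alice-demo-key",   # second id, same XRD
    "https://example.net/mallory": b"mallory-demo-key",
}

def _mac(doc, key):
    body = f"{doc['canonical_id']}|{doc['services']}".encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_xrd(canonical_id, services, signer_id):
    """Build a constructed XRD-like record signed with signer_id's key."""
    doc = {"canonical_id": canonical_id, "services": services}
    doc["sig"] = _mac(doc, KEYS[signer_id])
    return doc

def _sig_ok(doc, key_owner):
    key = KEYS.get(key_owner)
    return key is not None and hmac.compare_digest(_mac(doc, key), doc["sig"])

def verify_three_step(held_id, doc):
    # (1) document id equals the held id; (2)+(3) the signature verifies
    # under the key bound to the id named in the document.
    return doc["canonical_id"] == held_id and _sig_ok(doc, doc["canonical_id"])

def verify_two_step(held_id, doc):
    # Signature verifies under the key bound to the held id; the id inside
    # the document is covered by the signature but never compared.
    return _sig_ok(doc, held_id)

def compare(held_id, doc):
    return verify_three_step(held_id, doc), verify_two_step(held_id, doc)

ALICE = "https://example.com/alice"
genuine = make_xrd(ALICE, "openid", ALICE)
forged = make_xrd(ALICE, "openid", "https://example.net/mallory")
foreign = make_xrd("https://example.net/mallory", "openid", "https://example.net/mallory")

if __name__ == "__main__":
    for name, held, doc in [("genuine", ALICE, genuine), ("forged", ALICE, forged),
                            ("foreign", ALICE, foreign),
                            ("second id", "https://alice.example.org/", genuine)]:
        print(name, compare(held, doc))
```

Both orders agree on the genuine, forged and foreign records; they differ only when the verifier holds a second identifier bound to the same key, where the in-document comparison rejects a record the signature check alone accepts.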

