Re: [xri] SimpleSign for estabilishing the authenticity of XRD.

[Brian Eaton <beaton@google.com>]

On Thu, Dec 11, 2008 at 1:09 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
> Unfortunately, as fare as I understand, this is exactly the case for XRI
> resolution.
> XRI resolution traverses through Authorities, and each authority returns an
> XRD, pointing to the next authority.
> This means, each XRD will be signed by different authorities. It is the use
> case of the XRI SAML Trusted Resolution.
> Then -- I have not touched the spec for long time, so I maybe wrong.
>
> Perhaps Peter or John could clarify.

I've read Peter's clarification, but I'm still confused about why this
would be a problem for XRD simple sign.  let's say you've got 3
authorities involved in the XRD resolution.

Authority A returns A.xml, signed with A's key.
Authority B returns B.xml, signed with B's key.
Authority C returns C.xml, signed with C's key.

The client verifies the signatures on each of the documents, and that
the pointers from one document to the next are legitimate.  I'm
clearly missing something about the XRI resolution process.  Where
does this process break down?