[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, 2009call)
That's what we set to do. If the trust section does not provide this as a complete solution, it is pointless. EHL > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Saturday, August 08, 2009 12:07 PM > To: Eran Hammer-Lahav; 'Will Norris'; 'XRI TC' > Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, > 2009 call) > > Eran Hammer-Lahav wrote on 2009-08-07: > > We need a simple way to verify the association between the Subject of > the > > XRD and the certificate used to sign it. The requirement we have is > to > have > > a way to guarantee that the same entity which controls the domain > name in > > the Subject, controls the certificate as well, and signed the XRD. > > > > You can sign an XRD using anything, but our focus has been on the > resource > > owner being able to describe the resource (Subject) and sign it in a > way > > that a client can confirm that it was really the resource owner who > > described it. Since we are dealing with many limitations, we decided > to > > limit this to the authority level (which is defined in 3896). > > That's all perfectly appropriate for a profile, but I think it's > orthogonal > to the basic XRD specification. > > -- Scott >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]