OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xri] Re: Proposal for an X.509-based XRI Trust Profile


Breno de Medeiros wrote on 2010-01-21:
> 2. Allow root certificates to equal the signer certificate, in which
> case the certificate matching step is not performed. I think this does
> not add too much complexity to the spec.

You'll probably have to nail that down fairly explicitly, e.g., If the
signing certificate is not equal (byte for byte) to a trusted certificate,
then perform matching as follows...

Strictly speaking, I think a trust anchor will "validate" with depth 0
against the set of trust anchors and some code may not be able to tell the
difference easily.

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]