Subject: Re: [security-services] Trust management and validation viametadata
I suppose I don't understand what is broken / what we need to fix. Why does the KeyInfo need to reference the root CA? I just assumed that if someone wanted indirect trust they would always use a X509 certificate-chain (containing the root CA and any subordinate CA info). So is the problem when X509 is not used?