Subject: Question about Trusted Resolution
Drummond and Gabe,

I have a question. On today's XRI TC we discussed SAML trusted resolution and its relationship to, given an i-name, discovering its public key in such a way that I can trust the public key.

It was suggested that it would be a smart thing for ooTao implementations not to use SAML Trusted Resolution but to introduce a VeriSign-rooted certificate hierarchy that parallels the XRI authority hierarchy for delegated authorities. Each delegated authority would have its own Cert.

This may be a good mechanism to ensure that the public key I get back for @ootao*andy is not spoofed, but I'm still using HTTPS (not SAML) Trusted Resolution to get back the SEP URI for @ootao*andy's OpenID service (and all other services, including something that might even be a "key service"). (I'm pretty sure that Gabe brought up this same or a related point during the call.)

Here's the question: If I trust HTTPS Trusted Resolution to get the URI for @ootao*andy's OpenID service, why shouldn't I trust HTTPS Trusted Resolution to get back the public key for @ootao*andy?

Thx,
~ Steve