[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] XRD trusted discovery workflow
On Tue, Dec 9, 2008 at 8:35 PM, Dirk Balfanz <balfanz@google.com> wrote: > If so, why have <Delegation> > point to a key name? Shouldn't rather point to a canonical_id, so that we > can use the basic verification step mentioned above (seems like otherwise > the basic verification step doesn't apply to the case where I have both a > canonical_id and a keyName going in to the verification step). I can't express this with any kind of strong technical confidence, but my gut feeling is that the canonical ID describes what you are looking for. The key name describes who you expect to sign what you are looking for. Would you ever attempt discovery on a key name? I don't think so. This is all a little little mushy, because given a canonical ID you can always tell whether a given key is authoritative for that canonical ID. So a canonical ID would absolutely work as a key name. Just from a vocabulary standpoint keeping them separate might be worthwhile.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]