OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xri] XRD trusted discovery workflow

On Tue, Dec 9, 2008 at 8:35 PM, Dirk Balfanz <balfanz@google.com> wrote:
> If so, why have <Delegation>
> point to a key name? Shouldn't rather point to a canonical_id, so that we
> can use the basic verification step mentioned above (seems like otherwise
> the basic verification step doesn't apply to the case where I have both a
> canonical_id and a keyName going in to the verification step).

I can't express this with any kind of strong technical confidence, but
my gut feeling is that the canonical ID describes what you are looking
for.  The key name describes who you expect to sign what you are
looking for.  Would you ever attempt discovery on a key name?  I don't
think so.

This is all a little little mushy, because given a canonical ID you
can always tell whether a given key is authoritative for that
canonical ID.  So a canonical ID would absolutely work as a key name.
Just from a vocabulary standpoint keeping them separate might be
worthwhile.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]