[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] XRD trusted discovery workflow
Ah! My comments inline. Peter Davis wrote: > On Dec 11, 2008, at 6:13 PM, Sakimura Nat wrote: > > >> That is, if it were http://example.com/alice and http://example.com/bob >> , then it should be example.com that signs this. >> > > I am not sure that I agree completely on this for all cases. take, > for example: > > https://example.com/foo/alice > > It is entirely plausible that the naming authority is /foo (not > example.com). Similarly, for: > > https://foo.example.com/foo/alice > > the naming authority _could_ be any of: > > foo.example.com/foo > foo.example.com > example.com > > all of which should be considered valid > Indeed. The above sentence was the summarization of Brian's approach. Like John has explained, my approach differs that I believe each identity should have a cert. In that path, the current discussion is whether to revive SubjectUniqueId or use SubjectAltName. As long as there is a way to know that SubjectAltName indeed is a unique name, I am fine with it. > =peterd > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]