RE: [xri] trust profiles for XRD

[Sakimura Nat <n-sakimura@nri.co.jp>]

One of the easiest way is to rely on a registry that makes sure that the identifier is not going to be recycled.
Properly run CA's higher assurance cert's Subject is one such example.
XRI registry's persistent XRI (i-numbers) is another example.

Rest is as described in the previous mail.

=nat

________________________________________
差出人: Ben Laurie [benl@google.com]
送信日時: 2008年12月18日 16:53
宛先: Sakimura Nat
CC: George Fletcher; Brian Eaton; XRI TC
件名: Re: [xri] trust profiles for XRD

On Thu, Dec 18, 2008 at 7:11 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
>
>
> Ben Laurie wrote:
>>
>> On Wed, Dec 17, 2008 at 11:20 AM, Nat Sakimura <n-sakimura@nri.co.jp>
>> wrote:
>>
>>>
>>> Thanks Brian for the write up.
>>>
>>> I have added comments to the wiki.
>>>
>>> Basically, it is kind of unfortunate, in addition to what George has
>>> pointed
>>> out, if we consider the case of domain owner change into the scope, it
>>> breaks.
>>>
>>
>> Surely any signing scheme breaks if the owner of the signing authority
>> can change?
>>
>
> In a long run, a signing authority of the XRD and the owner of the domain
> does not have to match.
> Sining authority for my XRD that has my CanonicalID is me even if I lose the
> authority over the domain.

So how does this work?