[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] trust profiles for XRD
One of the easiest way is to rely on a registry that makes sure that the identifier is not going to be recycled. Properly run CA's higher assurance cert's Subject is one such example. XRI registry's persistent XRI (i-numbers) is another example. Rest is as described in the previous mail. =nat ________________________________________ 差出人: Ben Laurie [benl@google.com] 送信日時: 2008年12月18日 16:53 宛先: Sakimura Nat CC: George Fletcher; Brian Eaton; XRI TC 件名: Re: [xri] trust profiles for XRD On Thu, Dec 18, 2008 at 7:11 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote: > > > Ben Laurie wrote: >> >> On Wed, Dec 17, 2008 at 11:20 AM, Nat Sakimura <n-sakimura@nri.co.jp> >> wrote: >> >>> >>> Thanks Brian for the write up. >>> >>> I have added comments to the wiki. >>> >>> Basically, it is kind of unfortunate, in addition to what George has >>> pointed >>> out, if we consider the case of domain owner change into the scope, it >>> breaks. >>> >> >> Surely any signing scheme breaks if the owner of the signing authority >> can change? >> > > In a long run, a signing authority of the XRD and the owner of the domain > does not have to match. > Sining authority for my XRD that has my CanonicalID is me even if I lose the > authority over the domain. So how does this work?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]