[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] subject sets (also sort of: Agenda for August 6, 2009 call)
Eran Hammer-Lahav wrote on 2009-08-07: > We need a simple way to verify the association between the Subject of the > XRD and the certificate used to sign it. The requirement we have is to have > a way to guarantee that the same entity which controls the domain name in > the Subject, controls the certificate as well, and signed the XRD. > > You can sign an XRD using anything, but our focus has been on the resource > owner being able to describe the resource (Subject) and sign it in a way > that a client can confirm that it was really the resource owner who > described it. Since we are dealing with many limitations, we decided to > limit this to the authority level (which is defined in 3896). That's all perfectly appropriate for a profile, but I think it's orthogonal to the basic XRD specification. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]