[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Re: Proposal for an X.509-based XRI Trust Profile
There is no question that rigorous scrutiny on the matching rules is required, as they can introduce subtle bugs. I will wait for the existing draft to make to the svn though before trying my hand again. On Thu, Jan 21, 2010 at 15:40, Scott Cantor <cantor.2@osu.edu> wrote: > Breno de Medeiros wrote on 2010-01-21: >> 2. Allow root certificates to equal the signer certificate, in which >> case the certificate matching step is not performed. I think this does >> not add too much complexity to the spec. > > You'll probably have to nail that down fairly explicitly, e.g., If the > signing certificate is not equal (byte for byte) to a trusted certificate, > then perform matching as follows... > > Strictly speaking, I think a trust anchor will "validate" with depth 0 > against the set of trust anchors and some code may not be able to tell the > difference easily. > > -- Scott > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]