>>>>> "Alan" == Alan DeKok <[email protected]> writes:



    >> I'm sort of imagining an attribute that the proxy includes
    >> indicating it has performed some check and the policy applied to
    >> perform that check.  I'm not entirely sure what level of
    >> granularity is required.  I'm wondering if there are participants
    >> who would be interested in working through details of this?

    Alan>   I think it would be useful.  Sharing information is a good
    Alan> idea.

It's important to understand this probably isn't going to be a
cryptographic assurance.  The intent is to allow phased deployment and
to catch configuration errors, not to catch compromised proxies.

    Alan>   For simplicity, it would probably be best if there was no
    Alan> negotiation.  i.e. the proxy just says "I did this".

    Alan>   Any negotiation about which checks need to be done is
    Alan> probably an issue for contracts, lawyers, etc.

I strongly agree that negotiation would be highly problematic here.

--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
