>>>>> "DIEGO" == DIEGO LOPEZ GARCIA <[email protected]> writes:
>> The general model is sound and is one Nico and I have been
>> working on for years.
>>
>> It means you're really trusting EAP channel binding. It means
>> whoever runs your ABFAB actually needs to do a quality job of
>> validating servers. However they may have a smaller problem than
>> a global PKI to solve so it may be easir for them to do that.
DIEGO> Would not this be an interesting use case for the trust
DIEGO> router?
Yes! The trust router is great at allowing you to organize a community
that is going to be focused enough to give better trust and security to
its members than a general PKI. We're beginning to see that the most
interesting value in our architecture of the trust router is exactly
that it lets you have a bunch of these little communities running around
and manage them effectively and focus the authentication context.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
