-------- Original Message --------
Subject: review of abfab ui draft
Date: Tue, 25 Feb 2014 21:00:34 +0000
From: Ken Klingenstein <[email protected]>
To: Leif Johansson <[email protected]>, Rhys Smith <[email protected]>

Good doc. Well written, seems to address the issues we understand right now (modulo all the still todo's in the draft.)

One comment on the text below -- trust anchors are more complex -- when we use self-signed certs from the enterprises, the metadata signing key becomes part of the trust. Not sure how to work that concern in.

Have a good session in London. Some of us will miss the warm beer.

For the identity selector to be able to verify that the server it is going to talk to and attempt to authenticate against is the server that it is expecting, and that it is not being spoofed in some way. This is likely to be an X.509 certificate [TODO X509 ref], or a tuple of (trusted root certificate, servername in Subject or subjectAltName).

Ken
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
