I'm wondering how you think that policy will be distributed and
why it needs signed. …

For instance it might come as part of some software distribution (like a 
browser), and either
you trust all the files in that distribution or you don't.


I agree that an unsigned variant of CLP makes sense.

But it seems to me that if CLP is signed by the certificate that can be 

verified using standard chain of trust, it has some advantages. 


I think it makes perfect sense to sign CLP, because it allows you to separate 
trust in the server you’re downloading the content from and the content itself.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to