From 5.3.4: The certificates bucket SHOULD contain all the certificates necessary to verify every signature in both the message and the internal message objects. This is the only location in the message which contains certificates, thus allowing for only a single copy of each certificate to be sent. In systems which have some alternate certificate distribution mechanism, some certificates MAY be omitted. However, implementors should note that this creates the possibility that messages may not be immediately verifiable because certificates must first be retrieved.

This implies that a TURN-SERVICE implementation caches the certificates needed for replication. Will add a note to the TURN-SERVICE description for clarification.

Bruce

On Sun, Jul 17, 2011 at 1:11 PM, Marc Petit-Huguenin <[email protected]> wrote:
> When storing a TURN-SERVICE kind, the storing peer cannot count on having the
> certificate used to sign the value available locally, because the
> CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER kinds will be stored in a
> different peer.
>
> Is the intent that the storing peer remotely fetch the certificate for the
> validation or should it fail when the certificate is not sent in the
> certificates field of the SecurityBlock?
>
> Note that if the request should fail, then it is a problem with replications
> as there is very little chance to have the right certificate in the
> SecurityBlock when the value is replicated.
>
> --
> Marc Petit-Huguenin
> Personal email: [email protected]
> Professional email: [email protected]
> Blog: http://blog.marc.petit-huguenin.org
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
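
The lookup order discussed in this thread (certificates bucket first, then a local cache kept for replicas, otherwise a remote fetch or a rejected store) can be sketched as follows. This is an added example, not part of the thread or of the RELOAD draft. Assumptions: the signer is identified by a SHA-256 hash of its certificate, and `SignerCertResolver`, `chain_ok` and the sample certificates are hypothetical names and constructed data.

```python
import hashlib

def cert_hash(cert_der: bytes) -> bytes:
    # Assumption: signers are identified by SHA-256 over the certificate bytes.
    return hashlib.sha256(cert_der).digest()

class SignerCertResolver:
    def __init__(self, chain_ok):
        # chain_ok: hypothetical callback that validates a certificate
        # against the overlay's trust anchor.
        self.chain_ok = chain_ok
        self.cache = {}  # cert hash -> certificate bytes

    def resolve(self, signer_hash, bucket):
        """Return (source, cert); source is 'bucket', 'cache' or 'fetch'."""
        found = None
        for cert in bucket:
            if not self.chain_ok(cert):
                continue  # never cache or use an unvalidated certificate
            h = cert_hash(cert)
            self.cache[h] = cert  # keep it for later replicas of the same value
            if h == signer_hash:
                found = cert
        if found is not None:
            return "bucket", found
        if signer_hash in self.cache:
            return "cache", self.cache[signer_hash]
        # Not in the message and not cached: the caller has to retrieve the
        # certificate remotely or reject the store.
        return "fetch", None

# Constructed sample data: opaque byte strings stand in for DER certificates.
ALICE = b"constructed-cert-alice"
MALLORY = b"constructed-cert-not-issued-by-enrollment-server"
TRUSTED = {ALICE}

def demo():
    peer_a = SignerCertResolver(lambda c: c in TRUSTED)
    peer_b = SignerCertResolver(lambda c: c in TRUSTED)
    signer = cert_hash(ALICE)
    return [
        peer_a.resolve(signer, [ALICE])[0],  # original store carries the cert
        peer_a.resolve(signer, [])[0],       # replica without it: cache hit
        peer_b.resolve(signer, [])[0],       # peer that never saw the cert
        peer_b.resolve(cert_hash(MALLORY), [MALLORY])[0],  # untrusted, ignored
    ]

if __name__ == "__main__":
    print(demo())
```

A production cache would also need a size bound and eviction tied to certificate expiry, which this sketch leaves out.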
