-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/22/2011 01:32 PM, Bruce Lowekamp wrote:
> From 5.3.4:
> 
> The certificates bucket SHOULD contain all the certificates necessary
>    to verify every signature in both the message and the internal
>    message objects.  This is the only location in the message which
>    contains certificates, thus allowing for only a single copy of each
>    certificate to be sent.  In systems which have some alternate
>    certificate distribution mechanism, some certificates MAY be omitted.
>    However, implementors should note that this creates the possibility
>    that messages may not be immediately verifiable because certificates
>    must first be retrieved.
> 
> 
> This implies that a TURN-SERVICE implementation caches the
> certificates needed for replication.  Will add a note to the
> TURN-SERVICE description for clarification.

OK, but isn't this true also for all other kinds that do not use USER-MATCH or
NODE-MATCH?

> 
> Bruce
> 
> 
> 
> On Sun, Jul 17, 2011 at 1:11 PM, Marc Petit-Huguenin <[email protected]> wrote:
> When storing a TURN-SERVICE kind, the storing peer cannot count on having the
> certificate used to sign the value available locally, because the
> CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER kinds will be stored in a different
> peer.
> 
> Is the intent that the storing peer remotely fetch the certificate for the
> validation or should it fail when the certificate is not sent in the
> certificates field of the SecurityBlock?
> 
> Note that if the request should fail, then it is a problem with replications as
> there is very little chance to have the right certificate in the SecurityBlock
> when the value is replicated.
> 

- -- 
Marc Petit-Huguenin
Personal email: [email protected]
Professional email: [email protected]
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4p34wACgkQ9RoMZyVa61eU4ACdH1DM2DJBEkgd5JltNZDo86qL
Mp4AnjMkGXYpPePQ2Vdpeaz/R2Hjb5Zk
=5Y7V
-----END PGP SIGNATURE-----
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
