The new text in 5.3.4 says that they should include all certs except for those in a root-cert element. However, as the configuration-signer element specifies who is allowed to sign a config file, the cert bucket in the SecurityBlock may not be empty.

Bruce

On Sun, Jun 12, 2011 at 2:10 AM, Michael Chen <[email protected]> wrote:
> Hi,
>
> Section 10.1, last but one paragraph says, "The configuration file is a
> binary file ... is signed using the standard SecurityBlock defined in
> Section 5.3.4."
>
> The SecurityBlock includes the GenericCertificate bucket followed by the
> Signature. Don't the <root-cert> elements contain all the necessary
> certificates to validate the configuration file? If that is true why
> include the GenericCertificate bucket, and why not just the Signature
> alone in the base64 encoded and appropriately named <signature> element?
>
> Thanks
>
> --Michael
>
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
