>This is not the way that a PKI would be expected to work, in general.
>A signer of data cannot in general know what TAs RPs may select, so
>it is not incumbent on a signer to try to provide multiple signatures
>to accommodate this uncertainty.

(This isn't a matter for the minutes, since it wasn't mentioned in the
meeting. So I changed the subject.)

So you are saying that there is no need for the list of signatures in
the ROA that Brian Weiss was showing?

Suppose there were a small handful of commonly used trust anchors.
Would you then say that a list of signatures made sense?

(Obviously, if there were a wild plethora of trust anchors in use,
trying to list all needed ones would be infeasible. And we don't know
which will be the case.)

Having a list of single-signature ROAs works as well as a single ROA
with a list of signatures, I believe. So this is not a functional
difference, more an engineering decision.

--Sandy

_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
