On Tue, Mar 11, 2008 at 07:57:13AM -0600, Danny McPherson wrote: > So, I'm sure suspect I'm missing something here, could folks > please help me better understand both incremental deployment > models and how the above isn't an issue?
Multiple trust anchors and multiple ROAs. The current ROA model, presuming I'm not misinterpreting the PKI in the drafts, only lets you trace your trust path up one chain. While it'd be nice to trace the trust path to multiple trust anchors from a single ROA, I suspect that the way these ROAs are built wouldn't permit this. See sec 2.4 of the architecture document. -- Jeff _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
