On Tue, 9 Dec 2008, Heather Schiller wrote:
Stephen Kent wrote:
Steve
P.S. Irrespective of my analysis above, yes, I do prefer a singly-rooted
PKI, with IANA as the only TA, but I can live with a set of TAs so long as
I can count them on my fingers, and they all are authoritative for the
resources in question :-).
_______________________________________________
Steve, That's the concern -- what happens if 2 RIR's assert authority to the
same resource?
That was my interpretation of John's concern, too.
I believe that part of the freedom granted to relying parties ("granted"
because there's no way to prevent them) is not only that relying parties
are free to choose their trust anchors, but also that the relying parties
are free to say what they trust their trust anchors to speak
authoritatively for.
So the relying parties can take care to ensure that they do not grant
overlapping authority to their trust anchors. It should be the case that
relying parties who mess that up, mess themselves up, not other people.
--Sandy
--Heather
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
