At 2:37 PM -0500 12/12/08, Andrew Newton wrote:
...
Steve,
I want to be sure I understand this. The double allocation conflict
can originate from anywhere in the tree, even from the root, right?
So this conflict is only tangential to the nature of the trust anchor(s)?
-andy
Yes, that's right. The use of 3779 extensions does not prevent an
authorized holder of resources from issuing two certs for a subset of
the resources. It does provide hard evidence of such an allocation,
which in itself helps identify where an error was made, if indeed,
the actions reflects an error (e.g., vs. a transfer of the resource).
Use of CRLs also allows one to remedy an error in a highly visible
fashion.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
