On 21/07/11 12:42 PM, "Randy Bush" <[email protected]> wrote:
>> I would prefer, given the identified case, that where a situation
>> exists that a manifest is is non-existent or discarded that the entire
>> publication point MUST be considered suspicious and not used for
>> validation of operational objects. I would be fine if the GB object
>> were still validated and used for human contact reasons with
>> sufficient warnings about lack of trust.
>
> off the bloody wall. the trust is gained through the cert chain.
very well, "if the GB still validates through the cert chain."
Provided of course that you have a valid GB object since without a manifest
a simple `cp 00001.gbr 00001.cer` will fail to validate under the assumption
you make the validation selection regime based on filename extension.
Terry
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
