On Nov 14, 2011, at 10:07 PM, Christopher Morrow wrote:

> On top of that if the resource is then re-certified (to the same or
> different end entity) how do the intermediate parties know which is
> the 'right' thing to do?

Agreed.. It's critical to highlight that LTA doesn't fix anything here unless this is accommodated by all parties in the transaction path. Furthermore, because CAs can be compromised (as we've seen with many CAs whose @day_job IS security), and today anyone in your TAL list can assert authority for any resources (as many are currently doing), without the ability to filter this or scope it in some manner it could be really problematic.

-danny

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
