> 2. AIA correctness. Does res-certs require validators to reject a > certificate with a messed up AIA URI, even if top-down traversal is ok? > Having clean AIAs obviously helps bottom-up validators. But > validators capable of bottom-up traversal must already defend against > AIA-wild-goose-chase DoS, e.g. by limiting chase depth. Should we > encourage validators to enforce AIA correctness?
as i hope i made clear in taipei, i can see no reason to tolerate useless incorrectness randy, proud to be a naggumite _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
