Randy,

I would like to add some more text, based on discussions with RP software developers, e.g., Rob and Andrew, and an analysis of a couple of SIDR RFCs.

RFC 6486 (TAL) states that no manifest will enumerate the self-signed certificate representing a trust anchor. RFC 6487 (Repository Structure) says that every signed object at a publication point is enumerated in the manifest published for a publication point. Thus the self-signed certificate representing a trust anchor MUST NOT be stored in a repository publication point. It is stored in a file independent of repository publication points, and pointed to by the URI in the TAL. This file may be stored on the same server(s) that are used to store repository publication points.

Steve