On Nov 7, 2012, at 9:09 PM, Randy Bush <[email protected]> wrote: >> In your example, is sita taking on this responsibility on behalf of rama >> and hanuman? > > no need. this is object based security. rama and hanuman have tals and > validate.
This would leave Rama and hanuman dependent on the CA services but not aware of the CPS term and conditions despite the explicit requirement specified in the PKIX profile? If instead they get the TAL from the RIR CA (once), then they can then readily validate the objects but will also be aware of the relevant CA certificate policies that are to be considered before establishing reliance on these services. /John _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
