Speaking as regular ol' member >i am trying to understand $subject, and need some help. it seems the
I also don't fully grasp the problem or the solution, and so of course I don't quite grasp how the solution solves the problem. So I would also like some help in understanding. >i.e. the operational problem you fear is that a parent CA shrinking a >child's certificate will not cause the child's CA to shrink subordinate >certificates it has issued, and so on down the tree. I don't quite follow this statement. I didn't think causality was the problem, but lack of synchronization, lack of concurrence in time. In the case of transfer, the child CA is an aware and willing participant. Yes? So child CA could take the action to request the parent split its CA cert into two CA certs and avoid the problem that way. No? But like I said, I don't quite grasp the problem. --Sandy, speaking as regular ol' member ________________________________________ _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
