> DY> I guess I could see the possibility of a "protocol" being created
> where it was mandated that the endpoints had to do a check of a cert
> against central public CAs. That's not what I think we want. Perhaps
> I am using a wider definition of a "protocol" than you are.

Ah, that gives me an idea. What you're trying to rule out is a protocol that says "You MUST only accept a cert that chains to an issuer X" (where X=Verisign, for example). What this requirement is really saying is that the protocol needs to stay out of the way of the policy.

So how about this for a requirement:

R-CERTS: The media security key management protocol MUST NOT constrain the set of certificates that can be used as trust anchors in certificate verification.

--RB

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
