Oops, minor revision to please the cert police (who will notice that trust anchors are not certificates).

R-CERTS: The media security key management protocol MUST NOT constrain the set of trust anchors that a peer can use to validate certificates used in the protocol.

--RB

Richard Barnes wrote:
>> DY> I guess I could see the possibility of a "protocol" being created
>> where it was mandated that the endpoints had to do a check of a cert
>> against central public CAs. That's not what I think we want. Perhaps
>> I am using a wider definition of a "protocol" than you are.
>
> Ah, that gives me an idea. What you're trying to rule out is a protocol
> that says "You MUST only accept a cert that chains to an issuer X"
> (where X=Verisign, for example). What this requirement is really saying
> is that the protocol needs to stay out of the way of the policy.
>
> So how about this for a requirement:
>
> R-CERTS:
> The media security key management protocol MUST NOT constrain the set of
> certificates that can be used as trust anchors in certificate verification.
>
>
> --RB
>
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use [EMAIL PROTECTED] for questions on current sip
> Use [EMAIL PROTECTED] for new developments on the application of sip
