Works for me. Thanks for the wording! I will publish -05 shortly, which will include this revised wording for R-CERTS.
-d

> -----Original Message-----
> From: Richard Barnes [mailto:[EMAIL PROTECTED]
> Sent: Friday, May 02, 2008 2:17 PM
> To: Dan York; 'Dan Wing'; IETF SIP List
> Subject: Re: [Sip] R-CERTS in draft-ietf-sip-media-security-requirements
>
> Oops, minor revision to please the cert police (who will notice that
> trust anchors are not certificates).
>
> R-CERTS:
> The media security key management protocol MUST NOT constrain the set of
> trust anchors that a peer can use to validate certificates used in the
> protocol.
>
> --RB
>
>
> Richard Barnes wrote:
> >> DY> I guess I could see the possibility of a "protocol" being created
> >> where it was mandated that the endpoints had to do a check of a cert
> >> against central public CAs. That's not what I think we want. Perhaps
> >> I am using a wider definition of a "protocol" than you are.
> >
> > Ah, that gives me an idea. What you're trying to rule out is a protocol
> > that says "You MUST only accept a cert that chains to an issuer X"
> > (where X=Verisign, for example). What this requirement is really saying
> > is that the protocol needs to stay out of the way of the policy.
> >
> > So how about this for a requirement:
> >
> > R-CERTS:
> > The media security key management protocol MUST NOT constrain the set of
> > certificates that can be used as trust anchors in certificate verification.
> >
> > --RB
> >
> > _______________________________________________
> > Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol
> > Use [EMAIL PROTECTED] for questions on current sip
> > Use [EMAIL PROTECTED] for new developments on the application of sip
