Eric Rescorla wrote:
> At Fri, 25 Jul 2008 11:13:22 -0500,
> Thierry Moreau wrote:
>> It would allow a server to announce its preferred trusted CAs
>> (fulfilling R-EXISTING) *AND* its willingness to accept "auto-issued"
>> certificates. An EE having (genuine) certificates from CA-1 and CA-2
>> would select among these two per server expressed preferences. I guess
>> you see the point.
>
> Yes, this seems to me to be of relatively modest value. In any
> case, this is a feature which could easily be added at some point
> in the future if such a fake CA ever existed.
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There is now a draft, i.e. draft-moreau-pkix-aixcm-00.txt
https://datatracker.ietf.org/drafts/draft-moreau-pkix-aixcm/
Don't forget that the fake CA does not exist, it is just a standardized
distinguished name for indicating a (breached, explicit meaningless,
fake) public domain private signature key. Accordingly, the SIP wg could
standardize its "own" distinguished name to indicate its "own" public
domain private signature key.
Regards,
--
- Thierry Moreau
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip