On 15 Dec 2011, at 12:26 , Sam Hartman wrote:

>>>>>> "Jim" == Jim Schaad <[email protected]> writes:
>
>
>    Jim> Does this seem a reasonable approach in some circumstances?
>    Jim> Are there circumstances you can see where this would be
>    Jim> unreasonable?
>
> So, technically it's a lot easier to do this with certs for which you
> don't share a trust anchor than for TLS with anonymous DH ciphers.
> Mostly implementation issues at fault; end-point channel bindings are
> more widely implemented than unique for TLS.
>
> The general model is sound and is one Nico and I have been working on
> for years.
>
> It means you're really trusting EAP channel binding. It means whoever
> runs your ABFAB actually needs to do a quality job of validating
> servers.  However they may have a smaller problem than a global PKI to
> solve so it may be easier for them to do that.


Would not this be an interesting use case for the trust router?

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D

e-mail: [email protected]
Tel:      +34 913 129 041
Mobile: +34 682 051 091
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
