On 3-Mar-06, at 12:00 PM, Robert Yates wrote:
For sure digital signatures and certificates are a solution, but
I'm not sure I'd go about it in exactly that way.
I guess what I'm asking here is a scope question. Is it within the
scope of DIX to allow the message signature to be a signature that
can be verified without a remote call? And if it isn't within the
scope of core, is it expected that an extension to the core could
do it?
I think it's out of scope for DIX, but that whatever comes out of
DIX should provide extension points for layering alternative
verification mechanisms on top. So, for example, in dmd0 we have the
capabilities definition, discovery, and publishing mechanism, so that
the HS can advertise alternative mechanisms. A great alternative
mechanism would perhaps be a shared secret... or certificates.
John
_______________________________________________
dix mailing list
https://www1.ietf.org/mailman/listinfo/dix