Paul Hoffman wrote:
>
> Further, I want to emphasize that TAM should be able to pass bare
> public keys and not require them to be PKIX-wrapped certs. There are
> lots of use cases where keys are more appropriate than a cert, and the
> semantics will be much clearer.
>
> --Paul Hoffman, Director
> --VPN Consortium
>

Won't a typed blob of some sort neatly solve all of the issues around certificate types? I'm asking because a typed blob will also have other nice properties such as isolation between a tam "engine" and plugins dealing with individual certificate types.
This will allow us to spend time figuring out what a tam "client" must be able to assume about the entities stored in a tam "server" rather than engage in a discussion on the metaphysics of trust ;-)

Cheers
Leif