> > I thought we had a message exchange on the topic and agreed that SPKI > was out of scope. My concern is that we keep talking as though the > syntax of a cert is at the heart of this problem, which I think is > just plain wrong. That's why a document like RFC 4398 is irrelevant. > Defining a format for storing any form of cert in the DNS is trivial, > because the DNS is not making use of the content to make decisions. In > contrast many of the proposed TAM use cases DO need to pay attention > to the contents of TAs (whether they be certs or not), in order to > support meaningful TA management. > >
Could you elaborate on one or two use cases where the content of the TA is essential.To me this is absolutely critical to figure out - if you are right there is a real risk that TAM won't be properly layered on top of things like X.509, SPKI, PGP. Cheers Leif