At 2:11 AM -0700 5/24/10, Terry Manderson wrote:
...
One problem I think exists is that the desire to take strong security
constructs and taxonomies seen in PKI models where a certificate status is
binary (it either validates or does not) doesn't, in my opinion, mesh
perfectly to the routing system where we have all these fantastic grey areas
that involve preferences, policy, contracts, and so forth.
Actually, in typical PKI contexts, the situation is not binary :-).
A cert may be valid, expired, or revoked. There is also a big gray
area associated with revocation status info for the cert in question
(or for ancestor certs).
Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
