At 11:29 PM +0100 2/9/12, DIEGO LOPEZ GARCIA wrote:
On 8 Feb 2012, at 20:30 , Stephen Kent wrote:
>...and I do agree with you in that whichever
entity making such assertion (X.509, SAML, JWT)
has to be authoritative for the identity
asserted if you want it to be usable.
I think we are in agreement. CAs that are not authoritative for asserted
identities are as bad as federated trust entities with similar properties.
Steve
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
