On 10 Feb 2012, at 01:22, Stephen Kent wrote:

>> Or should we just be trusting a certification authority to do what it
>> says it will do in its CPS, perhaps just confirming that an email address
>> asserted in a certificate request is indeed accessible by the party that's
>> requesting a cert with that "identity"?
>
> Trusting a CA based on its CPS, without an ability to constrain the
> scope of identities that the CA can certify is dangerous. This is why
> we have the current mess of

Just wanted to say that though we started in some disagreement about ID federations, I'd sign that statement and apply it to identity assertions in federations as well.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: di...@tid.es
Tel: +34 913 129 041
Mobile: +34 682 051 091

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey