As much as I hate to spam multiple lists, I need to correct a technical error. And, really, this discussion should be happening on the keyassure mailing list.
At 12:56 PM -0400 10/5/10, Phillip Hallam-Baker wrote: >But the design approach taken in the Hoffman et. al. proposal is that >publication of a DNSSEC assurance for a cert disables verification on the PKIX >chain unless the 'preferences' flag is set. That statement was untrue in draft-hoffman-keys-linkage-from-dns-02, and the flag was removed in -03. --Paul Hoffman, Director --VPN Consortium _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
