On Wednesday, August 26, 2015 05:11:01 pm Joseph Salowey wrote:
> It looks like we have good consensus on PR 169 to relax certificate list
> ordering requirements. I had one question on the revised text. I'm
> unclear on the final clause in this section:
>
> "Because certificate validation requires that trust anchors be distributed
> independently, a self-signed certificate that specifies a trust anchor MAY
> be omitted from the chain, provided that supported peers are known to
> possess any omitted certificates they may require."
>
> I just want to make sure there isn't the intention of omitting certificates
> that are not self-signed.

Well, technically anything can be omitted; it just won't validate. :p

I'm not opposed to tweaking the wording here, but I don't really see it as a
problem. If someone does, though, that's reason enough for me to agree to
changing it.

Simplest change is:
"any omitted certificates they may require" -> "it"

\/

"Because certificate validation requires that trust anchors be distributed
independently, a self-signed certificate that specifies a trust anchor MAY
be omitted from the chain, provided that supported peers are known to
possess it."


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls