Re: [Sip] comments on draft-kupwade-sip-iba-00

[Eric Rescorla <ekr at networkresonance.com>]

At Wed, 27 Feb 2008 08:30:11 -0800 (PST),
Harsh Kupwade wrote:
> Forcing a signer to send a certificate is fine, but if the
> signer?s root CA is not same as the receiver?s root CAs, then
> the receiver has to go through a complex path construction process
> which is not a trivial problem.

Huh? The entire Web security system operates on the principle that you
can verify certificates from random CAs. This has not turned out to be
a serious problem in practice.

Moreover, *exactly* the same problem exists wrt the KG in identity-based
systems.

-Ekr
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip