[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Confirm decision on identity handling.




Just wanted to comment on this: I agree with Paul. Since we seem
unable to produce a coherent specification with respect to PKI-related
policies, when using certs the ID payload should not be present. If we
cannot agree on this, then the next best position is that the ID payload
must exactly match an identity contained in the cert. Anything else
leads to utter confusion and confounds interoperability.

I can't believe that after so many years, we are still paralyzed w.r.t.
this topic. What a farce. For the last several weeks, I've been trying
to get several ostensibly mature implementations to interoperate using
certs, and I've not had much success. How sad.

Scott