interfed - RE: [inc-interfed] opt-out / opt-in
Subject: Interfederation
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: RE: [inc-interfed] opt-out / opt-in
- Date: Fri, 3 May 2013 16:29:04 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport03.merit.edu; dkim=neutral (message not signed) header.i=none
> I'm not suggesting this lightly. I'm asking a real question that has
> bothered me for some time. What value can InC Ops add to the UKF
> aggregate? Likewise, if we adopt Scott's all-inclusive point of view,
> why would InC Ops want to create a special "export aggregate" for
> interfederation purposes?
Because interfed technically is about trust anchors. People want one, not 100
(and 100 makes things considerably less safe).
In addition, forcing the endpoints to deploy the trust anchors and metadata
is another barrier to getting it to happen.
Federations are also much more well positioned to implement the modern
equivalent of policy and naming constraints in PKI.
-- Scott
- [inc-interfed] opt-out / opt-in, Jim Basney, 05/02/2013
- Re: [inc-interfed] opt-out / opt-in, Tom Scavo, 05/03/2013
- Re: [inc-interfed] opt-out / opt-in, Ian Young, 05/03/2013
- RE: [inc-interfed] opt-out / opt-in, Cantor, Scott, 05/03/2013
- Re: [inc-interfed] opt-out / opt-in, Scott Koranda, 05/04/2013
- Re: [inc-interfed] opt-out / opt-in, Tom Scavo, 05/03/2013
Archive powered by MHonArc 2.6.16.