- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 18 Dec 2002 12:31:32 -0500
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, Slava Galperin <slava.galperin@sun.com>
- Cc: "Www-Xkms (E-mail)" <www-xkms@w3.org>
On Wednesday 18 December 2002 12:11, Hallam-Baker, Phillip wrote: > I don't think the problem is with the explanation of the difference > between Locate and Validate. I think the real problem is that people > refuse to believe that there can be two operations that are identical > except in the degree of trust that is asserted. Lets get clear on the > processing model before we go onto the text... ARGH -- as this unravels the uneasy understanding I had managed to accomodate. If this was the case then all there is, is a query with a different trust policy or KeyYsage. > Locate returns exactly the same information as Validate with the sole > exception that it explicitly does not undertake to meet even the minimal > requirements of a trusted service. What does this mean, "minimal requirements of a trusted service?" How trusted a service is, is determined by the client's assessment of the service's trust policy. > In the case of validate the client MAY rely on the information returned > directly. In the case of locate the client MUST accept responsibility > for validation. What? If you are going to use MUST and MAY in this way, it must to have them apply to the same term and think of an actual test/case example. > A locate only service might be run on an untrusted machine in a location > with no physical security because the service can rely on the client > performing the validation step. And a validate service might be run on a 10% untrusted machine in a locked closet. It's meaningless to talk of "trust" in this way. Trust is a expectation/reflection of risk. This might vary across locating information (I might trust one LDAP server which is updated more often than another that has long gone stale) and validation (I might trust a better maintained machine with timely CRL updates to do path validation more than one that doesn't). Trust is determined by context and the policy the service says its operating under -- so as to indemnify the risk. I *thought* we had finally agreed that locate and validate had nothing to do with this. Instead, they pertained to the sort of processing I'm expecting in response to each request. Locate is a simple query; Validate is a query with additional processing. The degree to which I believe the information is correct can apply to both, and is orthongal to both.
Received on Wednesday, 18 December 2002 12:31:36 UTC