Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC

DKG:

> On Jan 10, 2019, at 10:54 AM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:
> 
> On Thu 2019-01-10 12:56:27 +0000, Salz, Rich wrote:
>> [ dkg wrote: ]
>>>   What it introduces is the tight coupling of two previously-distinct
>>>    actions for the relying party:
>> 
>> I don't see it that way.  Nobody is forcing relying parties to couple
>> things.
> 
> Earlier in the thread, Russ wrote:
> 
>> If both checks succeed, then the potential Root CA certificate is
>> added to the trust anchor store and the current Root CA certificate is
>> removed.
> 
> Maybe this isn't *forcing* (in the sense that none of our RFCs can force
> anyone to do anything), but it indicates that relying parties that
> follow this specification will tightly couple these two actions, with
> potentially bad consequences.

Again, by following the new-in-old and old-in-new advice referenced in Section 5, the replacement will not change the validity of any end-entity certificates.  So, I think the "bad consequences" is an overstatement.

Russ

