Russ, I really appreciate all the careful review you've given this. May I ask you, though, not to hold the document on this issue? This has been on the IESG plate for a very long time, and it is now very clearly marked as a non-IETF view of the world. Though I'm sure we could continue the dialog on these with the authors, I would really appreciate us having that once the documents are published. regards, Ted At 5:04 PM -0400 7/9/03, Russ Housley wrote:draft-sun-handle-system-11.txt
Most of my previous concerns have been resolved. One remains.
In section 7.3, it says: "The trust between the client and its proxy and caching server has to be setup independently." If the server returns a signed response, I assume that the client can determine that it came from the correct source, regardless of the number of proxies that are in the middle of the communications path.