chris-wood
commented
2 years ago This is an architecture issue, so let's move it over there.
Closed chris-wood closed 2 years ago
chris-wood
commented
2 years ago This is an architecture issue, so let's move it over there.
Different issuers may trust different attesters, and the security posture of the origin when using a specific issuer depends on this set of trusted attesters. In effect, origins get the "minimum" guarantees across all attesters trusted by a selected issuer. If an origin needs to ensure different types of attestation requirements, it should do so by choosing issuers with different trusted attesters. We should add text describing these origin/issuer arrangement questions.