[OpenID] Google discovery prototype: host-meta from Google

SitG Admin sysadmin at shadowsinthegarden.com
Thu Jul 16 04:33:31 UTC 2009


>Let me make the point more explicit:

Took me a while, but I think I'm finally beginning to get this. 
Thanks for sticking with it.

>1. The design being discussed in the XRI TC allows sites to host 
>their signed XRD documents anywhere in the Internet. It uncouples 
>the trust elements of discovery from the path followed to perform 
>discovery.

Discovery (via DNS, or XRI, or whatever) can thus be addressed 
separately, with keys/certs the important point on which trust rests?

>2. The design being discussed at the XRI TC would allow sites to 
>delegate trust to any other site of their choice, by signing 
>delegation statements. This is necessary to really accomplish the 
>vision in (1),

Delegation provided (and enforced) by signatures. Peter's concerns 
are making more sense to me too, though, now; to keep trust truly 
decoupled from the path followed, it wouldn't dictate a path for 
revocation to follow, so how *do* we make certain that our trust is 
not relying on certs that we just haven't found out yet had been 
revoked?

But this is probably just me still catching up :)

-Shade


