[OTDev] A&A: precautions against pre-registering resources

Luchesar V. ILIEV luchesar.iliev at gmail.com
Mon Jun 28 21:54:14 CEST 2010


On Mon, Jun 28, 2010 at 22:27, Luchesar V. ILIEV
<luchesar.iliev at gmail.com> wrote:
> [...snip...]
>
> In other words, if the service gets a request for the resource above
> from an address, which reverse-resolves to, say, badguy.aol.com, then
> the policy service will reject the request straight away.

That was ambiguous, sorry. Should have read instead:

In other words, if the _policy_ service gets a _policy_creation_
request for the resource above from an address that reverse-resolves
to, say, badguy.aol.com, then the policy service will reject the
request straight away (because badguy.aol.com !=
serviceA.opentox.org).

L.

P.S. And, in the case of SSL/TLS, it would read:

In other words, if the _policy_ service gets a _policy_creation_
request for the resource above via a secure connection where the
client certificate has been issued to badguy.aol.com, then the policy
service will reject the request straight away (because badguy.aol.com
!= serviceA.opentox.org).

Of course, if the bad guy doesn't present a valid certificate in the
first place (that is, one issued by a trusted certification authority),
then no connection would happen at all.
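As an added illustration (not code from the OpenTox project or this thread), the check described above written out: a policy service refuses to create a policy for a resource unless the requester's proven identity, either the reverse-resolved name of its address or the subject of its TLS client certificate, is the host that owns the resource URI. Function and parameter names are assumptions; the host names come from the thread.

```python
import socket
from typing import Optional
from urllib.parse import urlsplit


def resource_host(resource_uri: str) -> str:
    """Normalised host that owns a resource URI (lowercase, no port, no
    trailing dot). Raises ValueError when the URI carries no usable host."""
    parts = urlsplit(resource_uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"resource URI has no usable host: {resource_uri!r}")
    return parts.hostname.rstrip(".").lower()


def normalise_name(name: str) -> str:
    """Same normalisation for the requester's proven name."""
    return name.strip().rstrip(".").lower()


def may_create_policy(resource_uri: str, *,
                      reverse_name: Optional[str] = None,
                      cert_subject_cn: Optional[str] = None) -> bool:
    """Allow policy creation only when the requester is the resource owner.

    Plain HTTP: reverse_name is the PTR result for the client address.
    TLS: cert_subject_cn is the subject of the verified client certificate
    and takes precedence, since the CA already vouched for that name.
    Missing evidence or any mismatch rejects the request.
    """
    owner = resource_host(resource_uri)
    proof = cert_subject_cn if cert_subject_cn is not None else reverse_name
    if proof is None:
        return False
    return normalise_name(proof) == owner


def reverse_name_of(client_addr: str) -> Optional[str]:
    """PTR lookup for a client address; None when it does not resolve.
    Before trusting the result, a deployment should also forward-resolve
    the returned name and confirm it maps back to client_addr."""
    try:
        return socket.gethostbyaddr(client_addr)[0]
    except OSError:
        return None
```

The hypothetical `reverse_name_of` needs DNS and is only a helper; the decision itself is in `may_create_policy`, which runs offline.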
