[caops-wg] Encoding AIA in first-level Proxy Cert

[Mike Helm]

> in that if I compromise a machine that has proxy certs going thru
> it, I can revoke all subsequent proxies for the whatever proxy certs 

Why is that bad?

Let's try an analogy.  Suppose my super secret password is
exposed on machine B -- or better, machine B is totally compromised.
It's in a chain of my logins and jobs
connecting A->B->C.  Since my account on B could presumably
do lots of things, run lots of jobs & make other network 
connections, wouldn't you want to lock it once it 
machine B had been corrupted?  Too bad about the lost work,
but what's the better alternative?