Carl Wallace <[email protected]> wrote:
> Distributing trust anchors to verify device attestations is one of the
> aims of
> https://datatracker.ietf.org/doc/html/draft-wallace-rats-concise-ta-stores-00. Note,
> there's also a LAMPS draft that borrows the WebAuthn format approach
> from this ACME device attestation draft but for use in extensions
> suitable for CMP, EST, SCEP, etc.
ah, okay.
I read that document too now.
} Any
} public key that can be used to verify a certificate is assumed to
} also support verification of revocation information, subject to
} applicable constraints defined by the revocation mechanism.
I feel as Geoff Huston does: revocation is useless security theatre.
} An unsigned concise TA stores object is a list of one or more TA
} stores, each represented below as a concise-ta-store-map element.
Seems like maybe a word is missing here.
Not really sure. It is really hard to read.
Is: _unsigned concise TA stores object_ the name of a thing?
I think so, but maybe it could be reworded.
> Why does the Enterprise trust the attestation key?
I'm unclear from a quick reading of the document if there are signed TA stores.
I think so based upon the examples.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
