Jeremy Hahn <[email protected]> wrote: > An attestation authorization still needs to be verified with a challenge, > so setting it to valid in the new-order request does not seem like it would > work. I think what's best for device attestation is the ability to send the > attestation / challenge response at the same time the challenge is
If I'm understanding this thread correctly... I really think it's a mistake to lump attestation responses in with authorization challenges. As I said in the WG session, I think that the terminology is an attractive nuissance and we need a new term that describes the process by which a client proves they are "sane" enough to be issued a certificate, and that this is very different from proving authorization for a name. OTH, I may mis-understand this discussion. -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
