Hi Elliot,

> What is the thinking on including CRL pointer in the manufacturer
> signing cert?  This question came up in industry discussions.

802.1AR says that the IDevID secrets must be stored confidentially and not be 
available outside the module.  In practice, a crypto processor with 
tamper-resistant NVRAM is used (e.g., TPM).  As such, the likelihood of the 
credentials being stolen/discovered is near zero, but it is not zero, as a 
determined adversary with sufficient resources can still have their way with 
it.  Still, vendors will likely conclude that protecting against that level of 
attack isn't necessary.  That said, vendors face a more likely scenario, of 
issues occurring by contract manufacturers, whether it be accidental or 
intentional.  And as unlikely as this scenario may seem, things happen and the 
vendor would be without recourse if unable to issue revocations.  To this 
extent, setting up the infrastructure to support revocations can be compared to 
insurance - hopefully you never need it, but when you do, you're glad you have 
it.

Kent



_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
