I hoping for some discussion about this comment that I previously
responded to, but it probably got buried.

    > Section 2.3

    > Pledge authentication and pledge voucher-request signing is via a
    > PKIX certificate installed during the manufacturing process.  This is

    > (As noted elsewhere, "PKIX" may not be the best term here.)

....

    > (10) The term PKIX seems to be incorrectly used a few times; it refers
    > to the Internet PKI, and so things like a private PKI internal to a
    > manufacturer would probably not be best described as such.  Such
    > private PKIs can of course still reuse the protocols and mechanisms
    > developed for PKIX, and it's accurate to describe them as such.

I would never call the Internet PKI "PKIX".
I'd call it WebPKI, or CAB.

PKIX is the set of IETF specifications that made X509v3 useful.


(I try never to use "X509", because the ITU left us with an unuseable
mess, and I don't think they deserve any credit)



--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-



Attachment: signature.asc
Description: PGP signature

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima

Reply via email to