Esko Dijk <[email protected]> wrote: > Based on the discussion, trying to list some practical cases we can > have of the pinned-domain-cert:
I believe that we concur on the uses.
I'm not sure if you are saying the CA:TRUE is a requirement.
I do not want to mandate that. CA:TRUE is, of course, acceptable.
I think that today's revised text supports all of your use cases.
If you find some fell out of bounds, then it's a mistake.
> In the latter case, the self-signed limited-scope root CA will
> typically be used as the pinned-domain-cert. And the EST server will
> create certificates signed by this same root CA.
I believe that by number of Registrar's the self-signed private CA will be
the most common. It is what I have suggested in
draft-richardson-anima-registrar-operations.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
