On 31. Jan 2021, at 23:54, Blumenthal, Uri - 0553 - MITLL <[email protected]> wrote:
>
> I do not get the “re-certify the certificate” part.

In the Web PKI, the assumption is that every participant knows all root certificates and updates that set eagerly. In the IoT world, that doesn’t work. So people are looking at alternative ways of validating a certificate.

If there is a big brother/little brother relationship, the little brother may look to the big brother to validate the certificate for it. To relay this validation (let’s call it a voucher), big brother could create its own certificate out of (or for!) the certificate in question. But it may be more lightweight to protect the voucher as data in an authenticated connection (say, TLS), or as part of an authenticated object (say, COSE).

Regards, Carsten

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
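
The "voucher as part of an authenticated object" option from the message above, sketched as an added example that is not part of the original message or of any COSE specification. It assumes the two devices already share a symmetric key and uses an HMAC over JSON as a stand-in for a COSE MAC structure; the names `make_voucher` and `check_voucher`, the field names and the sample values are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the message).
SAMPLE_KEY = b"constructed-shared-key-32-bytes!"
SAMPLE_CERT = b"constructed stand-in for DER certificate bytes"


def _mac(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_voucher(key: bytes, cert_der: bytes, valid: bool, now: int, ttl: int = 300) -> dict:
    """Big brother: bind its validation verdict to one specific certificate."""
    body = {
        "cert_sha256": hashlib.sha256(cert_der).hexdigest(),
        "valid": valid,
        "exp": now + ttl,  # short lifetime limits replay of a stale verdict
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "tag": _mac(key, payload.encode())}


def check_voucher(key: bytes, voucher: dict, cert_der: bytes, now: int) -> bool:
    """Little brother: accept the certificate only on a fresh, authentic 'valid' verdict."""
    try:
        payload = voucher["payload"]
        # Authenticate the bytes before parsing them.
        if not hmac.compare_digest(_mac(key, payload.encode()), voucher["tag"]):
            return False
        body = json.loads(payload)
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        return (
            body["valid"] is True
            and body["exp"] >= now
            # The voucher must be about the certificate actually presented.
            and hmac.compare_digest(body["cert_sha256"], fingerprint)
        )
    except (KeyError, TypeError, ValueError, AttributeError):
        return False  # malformed voucher: fail closed


if __name__ == "__main__":
    v = make_voucher(SAMPLE_KEY, SAMPLE_CERT, True, now=1_000_000)
    print(check_voucher(SAMPLE_KEY, v, SAMPLE_CERT, now=1_000_010))
```

The little brother never needs a root store here: it trusts only the shared key, and the fingerprint and expiry checks stop a voucher for one certificate, or an old verdict, from being reused for another.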
