Carsten Bormann <[email protected]> wrote: > On 31. Jan 2021, at 23:54, Blumenthal, Uri - 0553 - MITLL > <[email protected]> wrote: >> >> I do not get the “re-certify the certificate” part.
> In the Web PKI, the assumption is that every participant knows all root
> certificates and updates that set eagerly. In the IoT world, that
> doesn’t work.
> So people are looking at alternative ways of validating a certificate.
> If there is a big brother/little brother relationship, the little
The RFC8366 voucher does exactly this.
(And you can use it entirely outside of BRSKI, as SZTP does)
It can be serialized as COSE signed CBOR.
Let's not try to mix things up here, or re-invent things.
So I am opposed to cose-x509 doing anything other than doing anything other
than conveying certificates.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
