Hi Michael,
if I get that correctly, your proposal is to send YANG modeled JSON that
includes b64url encoded CMS, wrapped in a CBOR byte string signed via COSE?
Viele Grüße,
Henk
On 03.02.21 18:21, Michael Richardson wrote:
Carsten Bormann <[email protected]> wrote:
> On 31. Jan 2021, at 23:54, Blumenthal, Uri - 0553 - MITLL
> <[email protected]> wrote:
>>
>> I do not get the “re-certify the certificate” part.
> In the Web PKI, the assumption is that every participant knows all root
> certificates and updates that set eagerly. In the IoT world, that
> doesn’t work.
> So people are looking at alternative ways of validating a certificate.
> If there is a big brother/little brother relationship, the little
The RFC8366 voucher does exactly this.
(And you can use it entirely outside of BRSKI, as SZTP does)
It can be serialized as COSE signed CBOR.
Let's not try to mix things up here, or re-invent things.
So I am opposed to cose-x509 doing anything other than doing anything other
than conveying certificates.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
