> On 12 Apr 2021, at 18:25, Joseph Salowey <[email protected] > <mailto:[email protected]>> wrote: > >> >> I would agure there that the federation should have it's own CA. > > That’s what I’m thinking. But I could imagine hardcoded devices that make > use of it. That’s all. > > > [Joe] Relying on a burned in certificate this way seems like a really bad > idea. What happens when that certificate expires? >
Separate the cert from the cert selection. Don’t burn the cert in, but imagine a device that communicates out of the box with a federation service. This is already done at higher layers. Eliot
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
