>> - should the leafs not starting with "cert-" start with "sig-", to better
>>   match section 6.1?
>
> <ALEX> No, that would actually match less and be misleading. The
> parameters mentioned in 6.1.1 refer to configuration parameters for
> certificate blocks, and are accordingly prefixed “cert”. The parameters
> mentioned in 6.1.2 are related to Signature Blocks and are accordingly
> prefixed with “sig” (sigMaxDelay, sigNumberResends, sigResendDelay, and
> sigResendCount). So, you might actually want to consider prefixing
> max-delay, number-resends, resend-delay, and resend-count with “sig-”.
> </ALEX>

Exactly, we agree. These were the leafs I meant by "not starting with 'cert-' ".

> Syslog-sign does not specify how these types got there and what key
> material they used. Now, if you wanted to manage that as well, sure, but
> now you would be getting into TLS territory as you mention and I would
> think this should be kept outside the scope.

That Syslog-sign doesn't specify this is a good response as well. But answer me honestly, isn't it something that a device would have to have configured and, if so, wouldn't it make most sense for that configuration to be in this module? FWIW, I don't think that it's TLS-territory so much as keystore-territory.

Thanks,
Kent // shepherd

_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
