Eliot Lear wrote:
> What is the thinking on including a CRL pointer in the manufacturer
> signing cert? This question came up in industry discussions.
Kent Watsen wrote:
> 802.1AR says that the IDevID secrets must be stored confidentially and
My view is that, if the IDevID has a CRL/OCSP URL listed, then the
validator SHOULD do the checking. If the vendor didn't actually
want revocation checking done, then the vendor should've excluded
such information from their IDevID certs.
FWIW, 802.1AR takes a much more neutral stance in Section
Thanks, Kent. Then it seems to me that we have a MAY floating around
for CRL checking on the part of the registrar for BRSKI. Right?
Eliot
On 3/9/17 7:25 PM, Kent Watsen wrote:
> Hi Eliot,
>
>
>> What is the thinking on including a CRL pointer in the manufacturer
>> signing cert? This
Hi Eliot,
> What is the thinking on including a CRL pointer in the manufacturer
> signing cert? This question came up in industry discussions.
802.1AR says that the IDevID secrets must be stored confidentially and not be
available outside the module. In practice, a crypto processor with
Hi,
What is the thinking on including a CRL pointer in the manufacturer
signing cert? This question came up in industry discussions.
Eliot
___
Anima mailing list
Anima@ietf.org