Hi, The current text in the MUD draft around trust of certificates needs cleaning up. What I propose to do is to simply state that MUD controller implementations MUST NOT blindly trust unknown signers, and that they should apply restrictive controls until someone has reviewed the content of the file or they have some basis to trust that the file's contents are appropriate for the device in question.
Eliot
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg