The Infineon TPM root certificates are signed by VeriSign, so technically a third party only needs to trust the VeriSign root cert. However pinning to the manufacturer’s root cert is generally a good idea.
Phil > On Jun 15, 2016, at 1:08 PM, Ken Goldman <[email protected]> wrote: > > On 6/15/2016 2:07 PM, Tadd Seiff wrote: >> >> http://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates/#SLB9665xx2.0 > > That's the link for TPM 2.0. TPM 1.2 may be different, but one can > follow your link over to 1.2. > >> Disclaimer: I have not done this process, that is authenticating against >> a manufacturer's certs, so I can't guarantee this will be helpful > > I've done it for TPM 2.0 for two manufacturers, and it all just works. > The next release of my TSS 2.0 (not trousers) will include the root > certificates. > > Suggestion: It would be nice if someone gathered up all the 1.2 root > certs and folded them into trousers, or at least put the URLs in the > trousers docs. > > Rant: Please encourage TPM vendors to use https links to there > certificates. They are trust anchors, and they should not permit a > man-in-the-middle to substitute counterfeit TPM certificates. > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity planning > reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381 > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
