Inline...
On 7/20/22, 8:55 PM, "RATS on behalf of Michael Richardson"
<[email protected] on behalf of [email protected]> wrote:
<snip>
} Any
} public key that can be used to verify a certificate is assumed to
} also support verification of revocation information, subject to
} applicable constraints defined by the revocation mechanism.

I feel as Geoff Huston does: revocation is useless security theatre.

[CW] OK but there does still exist revocation information that some people
verify, perhaps theatrically.

} An unsigned concise TA stores object is a list of one or more TA
} stores, each represented below as a concise-ta-store-map element.

Seems like maybe a word is missing here.
Not really sure. It is really hard to read.
Is: _unsigned concise TA stores object_ the name of a thing?
I think so, but maybe it could be reworded.

[CW] The wording could be better. It's referring to the concise-ta-stores
object. Maybe it should just say that.

> Why does the Enterprise trust the attestation key?

I'm unclear from a quick reading of the document if there are signed TA stores.
I think so based upon the examples.

[CW] Yes. This uses the signing mechanism from CoRIM, i.e., COSE. There is an
example with a signature, but it's only given in base64 (not JSON). That one
should probably be expanded too.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
RATS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rats
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme