Michael Richardson <[email protected]> wrote: > I hoping for some discussion about this comment that I previously > responded to, but it probably got buried.
Actually, you did respond on July 20, in an email that I thought to re-read after pushing send. In it you said: mcr> I would never call the Internet PKI "PKIX". mcr> I'd call it WebPKI, or CAB. mcr> PKIX is the set of IETF specifications that made X509v3 useful. mcr> (And why I try never to use "X509"...) mcr> mcr> I couldn't find a reference to private PKI, so maybe I mis-understand. doc> This document details protocols and messages to answer the above doc> questions. It uses a TLS connection and an PKIX (X.509v3) doc> certificate (an IEEE 802.1AR [IDevID] LDevID) of the pledge to answer doc> points 1 and 2. It uses a new artifact called a "voucher" that the doc> [...] doc> Pledge authentication and pledge voucher-request signing is via a doc> PKIX certificate installed during the manufacturing process. This is bk> The comment about private PKI was me making an assumption; I could be bk> wrong. But I don't really expect all manufacturers that do this to have bk> their IDevID signing CA be part of the Internet PKI; I expect them to be bk> standalone CAs with the root baked into hardware and nothing else that bk> uses that root. Does that help clarify? It helps to clarify where you think I'm referring to the Internet PKI. I don't think of "PKIX" as referring to the Internet PKI/WebPKI as managed by the CAB-Forum. Yes, it will be a private CA 96% of the time. A 1988 era X509v3 certificate isn't good enough; it has to be the IETF PKIX WG profile of X509v3. 801.1AR mostly says that. If you feel that my use of PKIX here is too confusing, I will change it. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
