Michael, I agree that’s a key point. Typically you’d verify the telemetry signing key using a trust anchor – for example, a device certificate signed by a CA you already trust or a key the operator installed. If the signing certificate chains up to one of your trusted CAs/keys, then you know the signature is valid. We should probably make this trust-anchor step explicit in the draft.
Tina

From: "Michael Richardson" <[email protected]>
Date: Monday, April 28, 2025 06:20
Subject: [External] [OPSAWG] Re: Call for adoption: Applying COSE Signatures for YANG Data Provenance, draft-lopez-opsawg-yang-provenance
To: <[email protected]>

Tina Tsou <[email protected]> wrote:
> As an end user, I need to ensure the config and telemetry data I'm using is
> trustworthy. This mechanism makes that possible in a simple way. Using

How will you, as an end-user, know if the key signing the telemetry is trustworthy?

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
OPSAWG mailing list -- [email protected]
To unsubscribe send an email to [email protected]
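The trust-anchor check discussed in this thread, as an added example that is not part of the original messages or of the draft: a consumer accepts telemetry only when the signing certificate chains to an operator-installed anchor and the signature verifies under that certificate's key. It assumes raw Ed25519 signatures over the bytes in place of the draft's COSE envelope; `issue`, `verifyTelemetry`, the certificate names and the telemetry sample are hypothetical and constructed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; with a nil parent it is self-signed.
func issue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed: used for the operator CA and for a self-issued device cert
		parent, pk, t.KeyUsage = t, key, t.KeyUsage|x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyTelemetry accepts data only if cert chains to an anchor AND sig verifies under cert's key.
func verifyTelemetry(anchors *x509.CertPool, cert *x509.Certificate, data, sig []byte) error {
	opts := x509.VerifyOptions{Roots: anchors, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted signing key: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, data, sig) {
		return fmt.Errorf("signature does not verify")
	}
	return nil
}

func main() {
	opCA, opKey := issue("Operator CA", nil, nil)
	anchors := x509.NewCertPool()
	anchors.AddCert(opCA) // the only trust anchor the operator installed
	data := []byte(`{"if":"eth0","in-octets":1234}`) // constructed telemetry sample
	good, goodKey := issue("router1", opCA, opKey)
	rogue, rogueKey := issue("router1", nil, nil)
	fmt.Println("operator-issued:", verifyTelemetry(anchors, good, data, ed25519.Sign(goodKey, data)))
	fmt.Println("self-issued:    ", verifyTelemetry(anchors, rogue, data, ed25519.Sign(rogueKey, data)))
}
```

The self-issued certificate carries a mathematically valid signature over the same data, yet it is rejected at the chain check, which is the step that answers the question of whether the signing key is trustworthy.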
