Michael, I agree that’s a key point. Typically you’d verify the telemetry signing key using a trust anchor – for example, a device certificate signed by a CA you already trust or a key the operator installed. If the signing certificate chains up to one of your trusted CAs/keys, then you know the signature is valid. We should probably make this trust-anchor step explicit in the draft.
Tina

From: "Michael Richardson" <mcr+i...@sandelman.ca>
Date: April 28, 2025 (Mon) 06:20
Subject: [External] [OPSAWG] Re: Call for adoption: Applying COSE Signatures for YANG Data Provenance, draft-lopez-opsawg-yang-provenance
To: <opsawg@ietf.org>

Tina Tsou <tina.tsou=40tiktok....@dmarc.ietf.org> wrote:
> As an end user, I need to ensure the config and telemetry data I'm using is
> trustworthy. This mechanism makes that possible in a simple way. Using

How will you, as an end-user, know if the key signing the telemetry is trustworthy?

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org
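The trust-anchor check discussed in this thread, as an added example that is not part of the original messages or of the draft: the key is checked against an operator-installed anchor first, and only then is the signature checked under that key. It assumes the `openssl` CLI and uses a plain detached ECDSA signature in place of a COSE structure; `operator-ca`, `device`, `rogue`, `mk_cert` and `verify_provenance` are hypothetical names.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, certificate and telemetry record below is made up.
WORK=$(mktemp -d) && cd "$WORK" || exit 1

# Hypothetical helper: EC key plus certificate for CN=$1, issued by CA $2
# (self-signed when $2 is empty; relies on the stock openssl.cnf marking it CA:TRUE).
mk_cert() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key" 2>/dev/null
  if [ -z "$2" ]; then
    openssl req -x509 -new -key "$1.key" -subj "/CN=$1" -days 1 -out "$1.pem" 2>/dev/null
  else
    openssl req -new -key "$1.key" -subj "/CN=$1" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
      -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
  fi
}

# Hypothetical check: accept data $3 only if certificate $2 chains to anchor $1
# AND signature $4 verifies under the public key in that certificate.
verify_provenance() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "untrusted-key"; return 1; }
  openssl x509 -in "$2" -pubkey -noout > "$2.pub"
  openssl dgst -sha256 -verify "$2.pub" -signature "$4" "$3" >/dev/null 2>&1 \
    || { echo "bad-signature"; return 2; }
  echo "trusted"
}

mk_cert operator-ca ""          # trust anchor the operator installed
mk_cert device operator-ca      # device key certified by that anchor
mk_cert rogue ""                # self-signed key with no path to the anchor

printf '{"ifName":"eth0","in-octets":1234}\n' > telemetry.json
openssl dgst -sha256 -sign device.key -out telemetry.sig telemetry.json
openssl dgst -sha256 -sign rogue.key -out rogue.sig telemetry.json
sed 's/1234/9999/' telemetry.json > tampered.json

verify_provenance operator-ca.pem device.pem telemetry.json telemetry.sig || true
verify_provenance operator-ca.pem rogue.pem telemetry.json rogue.sig || true
verify_provenance operator-ca.pem device.pem tampered.json telemetry.sig || true
```

The `rogue` case carries a signature that is mathematically correct under its own key and is still rejected, because that key has no path to the anchor.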