Tina Tsou <[email protected]> wrote: > I agree that’s a key point. Typically you’d verify the telemetry signing > key using a trust anchor – for example, a device certificate signed by a CA > you already trust or a key the operator installed. If the signing > certificate chains up to one of your trusted CAs/keys, then you know the > signature is valid. We should probably make this trust-anchor step explicit > in the draft.
So the reason I ask the question is because if the point is to have data passed through a couple of steps, and still remain trustworthy, then it's not clear to me that it the device certificate will be available to those third, fourth and fifth parties. -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
