Tina Tsou <tina.t...@tiktok.com> wrote:
> I agree that’s a key point. Typically you’d verify the telemetry signing
> key using a trust anchor – for example, a device certificate signed by a CA
> you already trust or a key the operator installed. If the signing
> certificate chains up to one of your trusted CAs/keys, then you know the
> signature is valid. We should probably make this trust-anchor step explicit
> in the draft.

So the reason I ask the question is because if the point is to have data passed through a couple of steps, and still remain trustworthy, then it's not clear to me that the device certificate will be available to those third, fourth and fifth parties.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org