Hi,

On 30/4/25, 21:27, <[email protected]> wrote:
Tina Tsou <[email protected]> wrote:
    > I agree that’s a key point. Typically you’d verify the telemetry signing
    > key using a trust anchor – for example, a device certificate signed by a CA
    > you already trust or a key the operator installed. If the signing
    > certificate chains up to one of your trusted CAs/keys, then you know the
    > signature is valid. We should probably make this trust-anchor step explicit
    > in the draft.

So the reason I ask the question is because if the point is to have data
passed through a couple of steps, and still remain trustworthy, then it's not
clear to me that the device certificate will be available to those third,
fourth and fifth parties.

The issue of trust management and the availability of trust roots is a general 
problem in any signature schema. We have added some text in the section on 
security consideration, following a suggestion from Linda, but trying to make 
clear that those trust management aspects are out of the scope of the document.

Be goode,


--

“This time we will not fail, Doctor Infierno”



Dr Diego R. Lopez

Telefonica

https://www.linkedin.com/in/dr2lopez/



e-mail: [email protected]

Mobile: +34 682 051 091

---------------------------------


--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide





OPSAWG mailing list -- [email protected]