Much of this discussion is less of a technical nature but about framing things right.
If all signed assertions are called certificates, it may be hard to get rid of X.509, because that is what people think of when they say “certificate". What signed assertions do we need for constrained IoT, and which of these really “need” to be certificates? (A chain of signed assertions might ultimately terminate in an X.509 certificate, because that’s the way we store public keys with long-term validity in many places, but how important is it to have the full X.509 certificate represented in a constrained device?) Grüße, Carsten _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
