Matt G1 <[email protected]> wrote: > At the end of the work, however, other benefits came to light from my > view. Primarily, the challenge-at-each-issuance fits more naturally > into a zero trust design philosophy. The EST proof of identity (and the > 3GPP CMPv2 based solution) issue a new certificate based on the fact > you have (they key for) the previous one, and maybe some credentials > issued at enrolment.
What, in the cloud-native space, is the thing/identity that ACME allows you to challenge for a client certificate? I don't think it's an IP address (NAT44 all the way down in the kubernetes space) or a DNS name. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
