On 24.09.25 08:14, Laurence Lundblade wrote:
This is a real gem. It solves many of the ambiguities in the discussions. We should frame these words and put it at the beginning of every RATS meeting to avoid us talking past each other.
The thing for me is the key material. Who owns it, how was it provisioned, what is the life cycle and what is the policy around it. Attestation key material is really different than server/TLS authentication key material which is really different from end-user/client authentication.
I still think use of the word authentication without qualification is potentially confusing.
Absolutely. Can't agree more to it.
I think you are using it in a generic way and it mostly means signing a nonce to prove who you are.
Signing a nonce alone provides a very weak form of endpoint authentication.
Not sure. Could you explain this? I don't think it is completely orthogonal. At least the protocol design is critical for security too. Even with perfect data formats, a broken protocol can put all bets off. Perhaps you meant something else, or I am missing something.
But it’s an important distinction that the level of security is orthogonal to the protocol.
-Usama
